dharma

General

Target

af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d
Size

133KB
Sample

220305-wykxksghc7
MD5

65a875267a495f0b3f54b4155b23ac01
SHA1

0c1ce34b1e4c24bfd410c224d86cf3edcfb3a258
SHA256

af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d
SHA512

eb481ecdfde628b7fd1f8e9fa1312b771b8093d310d6432960e4c158f47a7f409dcc91ae2a158c263b1e0eeaf09fc2e0b00d3ff3ba40672b088c6a98539f39b6

Score

10^/10

Malware Config

Targets

- Target
  
  af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d
- Size
  
  133KB
- MD5
  
  65a875267a495f0b3f54b4155b23ac01
- SHA1
  
  0c1ce34b1e4c24bfd410c224d86cf3edcfb3a258
- SHA256
  
  af102c104f53ddcb2b92a53596330646070fd5335190c28b36015beb3eb1e09d
- SHA512
  
  eb481ecdfde628b7fd1f8e9fa1312b771b8093d310d6432960e4c158f47a7f409dcc91ae2a158c263b1e0eeaf09fc2e0b00d3ff3ba40672b088c6a98539f39b6
Score

10^/10

dharma neshta persistence ransomware spyware stealer
- Detect Neshta Payload
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2