dharma | ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57 | Triage

Submit
Reports

Overview

overview

Static

static

ceeebc6070...57.exe

windows7_x64

ceeebc6070...57.exe

windows10-2004_x64

Sharing

General

Target

ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57
Size

92KB
Sample

220305-x6tp5aagdk
MD5

ca0addfe1e2c58cb30c26f12238ddc20
SHA1

c3369c2894a748ac2c4b91dfabaf44734e91aaa9
SHA256

ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57
SHA512

19edbc92ff4e1989bd40118bbc996c880587aff8106cf10374e078386fd86724abba49fbd0b63008e87e2457369bec2c055bf79566b189e0cc206f1b86ad95b9

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57.exe

Resource

win7-en-20211208

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57.exe

Resource

win10v2004-en-20220112

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57
- Size
  
  92KB
- MD5
  
  ca0addfe1e2c58cb30c26f12238ddc20
- SHA1
  
  c3369c2894a748ac2c4b91dfabaf44734e91aaa9
- SHA256
  
  ceeebc607039d96fd8dea033f23e9323190c60c9aecd9fe2b93f82979af1fc57
- SHA512
  
  19edbc92ff4e1989bd40118bbc996c880587aff8106cf10374e078386fd86724abba49fbd0b63008e87e2457369bec2c055bf79566b189e0cc206f1b86ad95b9
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy