General
- Target: 848a8ac13c32fe1881bcc1cde659d811d89231adf578642ba2ffd2ccf7a8af58
- Size: 575KB
- Sample: 220305-xfavbshaa6
- MD5: 36aeba4fca0a0add8d179a94d31413f1
- SHA1: c86e8c821136ce1d5c591f30aac1bfdc8ce38836
- SHA256: 848a8ac13c32fe1881bcc1cde659d811d89231adf578642ba2ffd2ccf7a8af58
- SHA512: 05c3ee79af525df08061880eb1e2798b3c0769cfff4b31a604e26a46d78a2a2caaa972f8010b773e6eb7b93181c29139590ca9a25a5dc54d2ef912157158444f
Behavioral task: behavioral1
- Sample: 848a8ac13c32fe1881bcc1cde659d811d89231adf578642ba2ffd2ccf7a8af58.exe
- Resource: win7-20220223-en

Behavioral task: behavioral2
- Sample: 848a8ac13c32fe1881bcc1cde659d811d89231adf578642ba2ffd2ccf7a8af58.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted:
- Ransom note path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
- URL: http://pexdatax.com/
Targets
- Target: 848a8ac13c32fe1881bcc1cde659d811d89231adf578642ba2ffd2ccf7a8af58
- Size: 575KB
- MD5: 36aeba4fca0a0add8d179a94d31413f1
- SHA1: c86e8c821136ce1d5c591f30aac1bfdc8ce38836
- SHA256: 848a8ac13c32fe1881bcc1cde659d811d89231adf578642ba2ffd2ccf7a8af58
- SHA512: 05c3ee79af525df08061880eb1e2798b3c0769cfff4b31a604e26a46d78a2a2caaa972f8010b773e6eb7b93181c29139590ca9a25a5dc54d2ef912157158444f
- Score: 10/10
Signatures
- Dharma: Dharma is a ransomware family that uses security software installation to hide its malicious activity.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory