dharma | 8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d | Triage

Submit
Reports

Overview

overview

Static

static

8341f474da...0d.exe

windows7_x64

8341f474da...0d.exe

windows10-2004_x64

Sharing

General

Target

8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d
Size

433KB
Sample

220305-yfsktahbb7
MD5

89510b41b6a12ae16bd4d7bc1193c2fe
SHA1

10b16616fe415702945deaec38b3dcd42b178fb2
SHA256

8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d
SHA512

e2c89e8d48a8b1ad2d16cd10c620091ae0286cf7b520c52ce201dbc227fc6df22b7424d29d251658baaa6d288cf78ffb037e158eab01514913e3563a0367901b

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d.exe

Resource

win7-20220223-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d.exe

Resource

win10v2004-en-20220112

dharma persistence ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d
- Size
  
  433KB
- MD5
  
  89510b41b6a12ae16bd4d7bc1193c2fe
- SHA1
  
  10b16616fe415702945deaec38b3dcd42b178fb2
- SHA256
  
  8341f474da5bf6dde8ecfdd662bad56e3bbdd6c1362d795e9e7b9b6e13e1490d
- SHA512
  
  e2c89e8d48a8b1ad2d16cd10c620091ae0286cf7b520c52ce201dbc227fc6df22b7424d29d251658baaa6d288cf78ffb037e158eab01514913e3563a0367901b
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy