dharma | 1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713 | Triage

Submit
Reports

Overview

overview

Static

static

9

1d6463170b...13.exe

windows7_x64

1d6463170b...13.exe

windows10-2004_x64

Sharing

General

Target

1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713
Size

575KB
Sample

220315-x2nnbadddk
MD5

28527433b0bd73c50a6a6921e1053124
SHA1

7a89b07d4e695a4745ad6732e5a4a14eeba85cff
SHA256

1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713
SHA512

f5b2a51c9271dd42aa52c68d77c9558cc02241ef6a022dbd56ed28dd08e801733ec50917424fd4c8568553508f4e1abfa0dcc1032d9e424c4bab589950253d66

Score

10^/10

dharma cryptone packer persistence ransomware spyware stealer

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713.exe

Resource

win7-20220311-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713.exe

Resource

win10v2004-en-20220113

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713
- Size
  
  575KB
- MD5
  
  28527433b0bd73c50a6a6921e1053124
- SHA1
  
  7a89b07d4e695a4745ad6732e5a4a14eeba85cff
- SHA256
  
  1d6463170b7e71234a1fe0ddde27dff4285c45a8b11b57061c78639092154713
- SHA512
  
  f5b2a51c9271dd42aa52c68d77c9558cc02241ef6a022dbd56ed28dd08e801733ec50917424fd4c8568553508f4e1abfa0dcc1032d9e424c4bab589950253d66
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy