dharma | 541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261 | Triage

Submit
Reports

Overview

overview

Static

static

9

541ac782fa...61.exe

windows7_x64

541ac782fa...61.exe

windows10-2004_x64

Sharing

General

Target

541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261
Size

573KB
Sample

220316-zsqsesgea3
MD5

7a541f021321604f9ecdaf73a91dc6bf
SHA1

9f1ef10662e33a1d4dddb0c46ab7df957a20798a
SHA256

541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261
SHA512

70958fa7cb16404964346c95d8ecdb3672df8a01a303e4bac924626dcd9f5f7a7523616594f3c4b92cd08afc764a32136608ab15cee375b1e74b3afda7e0ea8e

Score

10^/10

dharma cryptone packer persistence ransomware spyware stealer

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261.exe

Resource

win7-20220310-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261.exe

Resource

win10v2004-en-20220113

dharma persistence ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261
- Size
  
  573KB
- MD5
  
  7a541f021321604f9ecdaf73a91dc6bf
- SHA1
  
  9f1ef10662e33a1d4dddb0c46ab7df957a20798a
- SHA256
  
  541ac782fa300f3cd3f7315770aeb2c3937f107ea565cfb4fe09bcc86e0a0261
- SHA512
  
  70958fa7cb16404964346c95d8ecdb3672df8a01a303e4bac924626dcd9f5f7a7523616594f3c4b92cd08afc764a32136608ab15cee375b1e74b3afda7e0ea8e
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy