Overview

overview

10

Static

static

add93ff665...e0.exe

windows7_x64

10

add93ff665...e0.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    add93ff66529e153263c05c8a01ea9b433788b861a2a5eb3def7bd538eb143e0

  • Size

    341KB

  • Sample

    220325-hndtmaffdl

  • MD5

    d991b38f6102454e3148d402ddde6497

  • SHA1

    a316dfc04d167b003c61d21e577ba79324138c19

  • SHA256

    add93ff66529e153263c05c8a01ea9b433788b861a2a5eb3def7bd538eb143e0

  • SHA512

    baa8d57919f8ef7eaf26f00dc1ce0acf13fc55ab6750488e2dfbcd59e89dd5b0b63582f9ff5e06a14226f5e753cf84af7d4f87cac768204ddae03626877bb9b2

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      add93ff66529e153263c05c8a01ea9b433788b861a2a5eb3def7bd538eb143e0

    • Size

      341KB

    • MD5

      d991b38f6102454e3148d402ddde6497

    • SHA1

      a316dfc04d167b003c61d21e577ba79324138c19

    • SHA256

      add93ff66529e153263c05c8a01ea9b433788b861a2a5eb3def7bd538eb143e0

    • SHA512

      baa8d57919f8ef7eaf26f00dc1ce0acf13fc55ab6750488e2dfbcd59e89dd5b0b63582f9ff5e06a14226f5e753cf84af7d4f87cac768204ddae03626877bb9b2

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks