Overview

overview

10

Static

static

469efe68cb...7c.exe

windows7_x64

10

469efe68cb...7c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    469efe68cb8dce6d180dd16175c73eef0abe6036792664382b9580ff283a177c

  • Size

    206KB

  • Sample

    220326-l34kdafhek

  • MD5

    5cb38c769dae60114d5e75d7a0807f21

  • SHA1

    fbfc3ce01280412eba4b18af45c3ce8ccf2e9b9f

  • SHA256

    469efe68cb8dce6d180dd16175c73eef0abe6036792664382b9580ff283a177c

  • SHA512

    6ab8ae9a50a4af0b09f101ade92f24e394a1b79dc69a00cfb2044b054eb76085e4d67f5fd682c229a04fd9ba5116ae9419a7985660c5f02d801753a91ae897ca

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      469efe68cb8dce6d180dd16175c73eef0abe6036792664382b9580ff283a177c

    • Size

      206KB

    • MD5

      5cb38c769dae60114d5e75d7a0807f21

    • SHA1

      fbfc3ce01280412eba4b18af45c3ce8ccf2e9b9f

    • SHA256

      469efe68cb8dce6d180dd16175c73eef0abe6036792664382b9580ff283a177c

    • SHA512

      6ab8ae9a50a4af0b09f101ade92f24e394a1b79dc69a00cfb2044b054eb76085e4d67f5fd682c229a04fd9ba5116ae9419a7985660c5f02d801753a91ae897ca

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks