General
-
Target
9b8ee39266f5e131f05768ed561f7dd4bed27df903fe71a276ad5a22af980f1f
-
Size
225KB
-
Sample
220326-lg2tnabag2
-
MD5
38d8196d6735ab2f722f5efa7a89deef
-
SHA1
98be4a8c94af03b163004198175068ae01f558d3
-
SHA256
9b8ee39266f5e131f05768ed561f7dd4bed27df903fe71a276ad5a22af980f1f
-
SHA512
8487675d8853dfcdad03240625655303a062e7e0c4122d19724caa4791ae8181ebeeb4a9e2bf0398039e081254acc94790b1e003070a79327559304ca7fb7dd3
Static task
static1
Behavioral task
behavioral1
Sample
9b8ee39266f5e131f05768ed561f7dd4bed27df903fe71a276ad5a22af980f1f.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
9b8ee39266f5e131f05768ed561f7dd4bed27df903fe71a276ad5a22af980f1f.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
https://tox.chat/download.html
http://pexdatax.com/
Targets
-
-
Target
9b8ee39266f5e131f05768ed561f7dd4bed27df903fe71a276ad5a22af980f1f
-
Score
10/10
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-