Overview

overview

10

Static

static

4d934e35d9...fb.exe

windows7_x64

10

4d934e35d9...fb.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d934e35d9c9a50984cb8433e1d4a2c2db4c67367a6d73b6fbda7367f3d648fb

  • Size

    342KB

  • Sample

    220326-n2ynvaghbq

  • MD5

    021164a7001d0c8f49d4fed600161c6a

  • SHA1

    99b0a720e3fc811ef1170fbbe296b1e0766d54cf

  • SHA256

    4d934e35d9c9a50984cb8433e1d4a2c2db4c67367a6d73b6fbda7367f3d648fb

  • SHA512

    eb97dee6d9f5cbd6b3c2938dde68e13037dfad795a456f3545ed48a09d6fdb8a45283a8236f926f4b7826bf3b5a57c3b234940bced5ef772e1521b13db8fec4a

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      4d934e35d9c9a50984cb8433e1d4a2c2db4c67367a6d73b6fbda7367f3d648fb

    • Size

      342KB

    • MD5

      021164a7001d0c8f49d4fed600161c6a

    • SHA1

      99b0a720e3fc811ef1170fbbe296b1e0766d54cf

    • SHA256

      4d934e35d9c9a50984cb8433e1d4a2c2db4c67367a6d73b6fbda7367f3d648fb

    • SHA512

      eb97dee6d9f5cbd6b3c2938dde68e13037dfad795a456f3545ed48a09d6fdb8a45283a8236f926f4b7826bf3b5a57c3b234940bced5ef772e1521b13db8fec4a

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks