dharma | 61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555 | Triage

Submit
Reports

Overview

overview

Static

static

61f686e131...55.exe

windows7_x64

61f686e131...55.exe

windows10-2004_x64

Sharing

General

Target

61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555
Size

362KB
Sample

220327-zktjcacgf2
MD5

cadd65c4f59af5858b87a9578f94d269
SHA1

c208d9ff38c0dd85e81e49e999d31731ed27aaed
SHA256

61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555
SHA512

41f1379188bdab9dada8833e4eb8058b7a7878db48260c76437ae45d36352a8ae8ce8b795938225b1564b758b5f54d82c809fa5b2509a1c5d8822aac36ae840a

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555.exe

Resource

win7-20220331-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555.exe

Resource

win10v2004-20220331-en

dharma persistence ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555
- Size
  
  362KB
- MD5
  
  cadd65c4f59af5858b87a9578f94d269
- SHA1
  
  c208d9ff38c0dd85e81e49e999d31731ed27aaed
- SHA256
  
  61f686e131b055473303fde1c0fa135479ee7bb46ebe567790ad0a6d7a1f1555
- SHA512
  
  41f1379188bdab9dada8833e4eb8058b7a7878db48260c76437ae45d36352a8ae8ce8b795938225b1564b758b5f54d82c809fa5b2509a1c5d8822aac36ae840a
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy