General
Target
cc6f2dc63ac125ebd95e2f07ed7d9ab029b880c0cdf40f5ab2445c9fe3f794ff
Size
377KB
Sample
220328-14nymsfha9
MD5
015656aa652d25da15acca8e2075c327
SHA1
2fec41931598050e2e10bfd5c54818066d62cb79
SHA256
cc6f2dc63ac125ebd95e2f07ed7d9ab029b880c0cdf40f5ab2445c9fe3f794ff
SHA512
48a016c2740f89eee4827560dc7c1a69d8b10f3b9aaad5287b4596f61b17119d6f00b9e1b486eb413b602a8e0b2270d6935efc86adfa2631837c57606193d769
Static task
static1
Behavioral task
behavioral1
Sample
cc6f2dc63ac125ebd95e2f07ed7d9ab029b880c0cdf40f5ab2445c9fe3f794ff.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
cc6f2dc63ac125ebd95e2f07ed7d9ab029b880c0cdf40f5ab2445c9fe3f794ff.exe
Resource
win10v2004-20220310-en
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
https://tox.chat/download.html
http://pexdatax.com/
Targets
Target
cc6f2dc63ac125ebd95e2f07ed7d9ab029b880c0cdf40f5ab2445c9fe3f794ff
Score
10/10

Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Adds Run key to start application

Drops desktop.ini file(s)

Drops file in System32 directory