Overview

overview

10

Static

static

7608b7b27a...c2.exe

windows7_x64

10

7608b7b27a...c2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7608b7b27a11e7ad78651c92b82469161123f2a0ceaf006cfff2f2f52f05d7c2

  • Size

    440KB

  • Sample

    220330-bl3xeaeaa7

  • MD5

    2a71eedf8cf4a13b40f0db24cf9a1d94

  • SHA1

    84748cec9ad525b9a684a3d740f2bd4b5d276282

  • SHA256

    7608b7b27a11e7ad78651c92b82469161123f2a0ceaf006cfff2f2f52f05d7c2

  • SHA512

    f12101bde6e9c82a8a56c2bad883812791230bf6ee79c9b0ef5810ef231dff5f881c33ae866f2d53a9dd6b008c1d153cde9d70bc8f5a41152c42e4a28fc6dc69

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      7608b7b27a11e7ad78651c92b82469161123f2a0ceaf006cfff2f2f52f05d7c2

    • Size

      440KB

    • MD5

      2a71eedf8cf4a13b40f0db24cf9a1d94

    • SHA1

      84748cec9ad525b9a684a3d740f2bd4b5d276282

    • SHA256

      7608b7b27a11e7ad78651c92b82469161123f2a0ceaf006cfff2f2f52f05d7c2

    • SHA512

      f12101bde6e9c82a8a56c2bad883812791230bf6ee79c9b0ef5810ef231dff5f881c33ae866f2d53a9dd6b008c1d153cde9d70bc8f5a41152c42e4a28fc6dc69

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks