Overview

overview

10

Static

static

93fd7961d7...d9.exe

windows7_x64

10

93fd7961d7...d9.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93fd7961d790aa456655d5291cc167a063ea11282012e0b749849e4517d001d9

  • Size

    159KB

  • Sample

    220330-blh71aaadr

  • MD5

    165b712bcc37596b03fbcd81f47786e3

  • SHA1

    354abcc774cf7ca19184c90aa7948b02aae1ce12

  • SHA256

    93fd7961d790aa456655d5291cc167a063ea11282012e0b749849e4517d001d9

  • SHA512

    70338fe462db87996a4293d1a20bf15d7f2505f5bf00dda7341c21ae2ff1737e4a02d2b7b9f460cf90d588effbf201d5a94d4adfcfab6c3e9302035a7005897b

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta

Ransom Note
YOUR FILES ARE ENCRYPTED Don't worry,you can return all your files! If you want to restore them, follow this link: email [email protected] YOUR ID If you have not been answered via the link within 12 hours,Tox - 1123AA3360A5AFB77D928C4CD99E9EF66EF28FCEEE1F840B93456FD9CE562B7F92204B0D8904 please download - https://tox.chat/download.html or http://pexdatax.com/ write to us by e-mail: [email protected] Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
URLs

https://tox.chat/download.html

http://pexdatax.com/

Targets

    • Target

      93fd7961d790aa456655d5291cc167a063ea11282012e0b749849e4517d001d9

    • Size

      159KB

    • MD5

      165b712bcc37596b03fbcd81f47786e3

    • SHA1

      354abcc774cf7ca19184c90aa7948b02aae1ce12

    • SHA256

      93fd7961d790aa456655d5291cc167a063ea11282012e0b749849e4517d001d9

    • SHA512

      70338fe462db87996a4293d1a20bf15d7f2505f5bf00dda7341c21ae2ff1737e4a02d2b7b9f460cf90d588effbf201d5a94d4adfcfab6c3e9302035a7005897b

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks