General

  • Target

    ffe6e42c82d8c30623ab735ece82b059c8f1da4fd137f248685adc016041c1b6

  • Size

    141KB

  • Sample

    220415-hlmzhsaebq

  • MD5

    df4dcbc3624d01093ecf5b7cda186d61

  • SHA1

    8d3647b0a618da55dfbc2d1164d049c5c5f034ae

  • SHA256

    ffe6e42c82d8c30623ab735ece82b059c8f1da4fd137f248685adc016041c1b6

  • SHA512

    5951787e108cd46a06cb86ef289b0068e815d4015afa1fe2f213904dcb857264c3608ab45501d9281a078f2c2629f3ab7023421fc36c9977fd88ef3771396301

Malware Config

Extracted

Path

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta

Ransom Note

YOUR FILES ARE ENCRYPTED Don't worry, you can return all your files! If you want to restore them, follow this link: email [email protected] YOUR ID If you have not been answered via the link within 12 hours, write to Telegram:@pexdata - our telegram contact or http://pexdatax.com/ or email [email protected] Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

URLs

http://pexdatax.com/

Targets

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6