dharma | 87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767 | Triage

Submit
Reports

Overview

overview

Static

static

87bba561f6...67.exe

windows7_x64

87bba561f6...67.exe

windows10-2004_x64

Sharing

General

Target

87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767
Size

267KB
Sample

220418-l89ctaedd8
MD5

082973ffc65f68aa42aec9bbab90de1b
SHA1

3a3e4616f5e1163a4960cf64cd96a7ad63c48bb8
SHA256

87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767
SHA512

4098c24b84117d54765e763986ec252a64e852f8c34d114d3ec6c8106a49358c283bf829203c1ddd897751381754d9a2849149a33e36ba6a400e34530a3f0bdf

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767
- Size
  
  267KB
- MD5
  
  082973ffc65f68aa42aec9bbab90de1b
- SHA1
  
  3a3e4616f5e1163a4960cf64cd96a7ad63c48bb8
- SHA256
  
  87bba561f6a0f7cd29f92211be2fe0de2541f6d5ab321e42aeabd8c2de4f5767
- SHA512
  
  4098c24b84117d54765e763986ec252a64e852f8c34d114d3ec6c8106a49358c283bf829203c1ddd897751381754d9a2849149a33e36ba6a400e34530a3f0bdf
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy