General
- Target: 123a5fd056af259f61651556412318f30af49d435a442acc4c79def21aa172ea
- Size: 3.7MB
- Sample: 220507-zf1f4aeaa7
- MD5: f5adcc295d58d72e8a3dc5068b89241b
- SHA1: a8420f69ae8b8cf95fafe56d4c16b9f01e83e741
- SHA256: 123a5fd056af259f61651556412318f30af49d435a442acc4c79def21aa172ea
- SHA512: fc4256f79c4c637bd8d0e0eee245ee9a6b789b173314db9f7fc5352e068357cd8fda1f5638af9d0467c3b8f380e8536d9996dc86c74ea84d3703928d4968a651
Static task
static1
Behavioral task
behavioral1
Sample: 123a5fd056af259f61651556412318f30af49d435a442acc4c79def21aa172ea.exe
Resource: win7-20220414-en
Behavioral task
behavioral2
Sample: 123a5fd056af259f61651556412318f30af49d435a442acc4c79def21aa172ea.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 123a5fd056af259f61651556412318f30af49d435a442acc4c79def21aa172ea
- Size: 3.7MB
- MD5: f5adcc295d58d72e8a3dc5068b89241b
- SHA1: a8420f69ae8b8cf95fafe56d4c16b9f01e83e741
- SHA256: 123a5fd056af259f61651556412318f30af49d435a442acc4c79def21aa172ea
- SHA512: fc4256f79c4c637bd8d0e0eee245ee9a6b789b173314db9f7fc5352e068357cd8fda1f5638af9d0467c3b8f380e8536d9996dc86c74ea84d3703928d4968a651
Score 10/10
- Dharma
  Dharma is ransomware that uses security software installation to hide malicious activities.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger