Overview

overview

10

Static

static

87be242c76...19.exe

windows7_x64

10

87be242c76...19.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87be242c76c959d2f30288245e2221856f667d918a306b100046f9264146dc19

  • Size

    180KB

  • Sample

    220508-g3lbkshcb2

  • MD5

    ea59aebcc5588a41fdb9929349bf74af

  • SHA1

    ddb409120441833252210b193785a15fbd381c5e

  • SHA256

    87be242c76c959d2f30288245e2221856f667d918a306b100046f9264146dc19

  • SHA512

    67e9c412db7c7aac590312f6407b1a7f6dac697b0325aed5c8501d033d8b866aa839c9720e60f38a85e409f8d99857004e615e91e04dca919919aaf35ac52232

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      87be242c76c959d2f30288245e2221856f667d918a306b100046f9264146dc19

    • Size

      180KB

    • MD5

      ea59aebcc5588a41fdb9929349bf74af

    • SHA1

      ddb409120441833252210b193785a15fbd381c5e

    • SHA256

      87be242c76c959d2f30288245e2221856f667d918a306b100046f9264146dc19

    • SHA512

      67e9c412db7c7aac590312f6407b1a7f6dac697b0325aed5c8501d033d8b866aa839c9720e60f38a85e409f8d99857004e615e91e04dca919919aaf35ac52232

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks