dharma | 449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a | Triage

Submit
Reports

Overview

overview

Static

static

449739b252...4a.exe

windows7_x64

449739b252...4a.exe

windows10-2004_x64

Sharing

General

Target

449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a
Size

358KB
Sample

220508-gma6nsgff8
MD5

0e39f9bcb4eabac1bff3354f19ceaa82
SHA1

fdc0d5d7848ad9b007ece99307600424e490c6b2
SHA256

449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a
SHA512

bf6390121a4ef8063228e25a8c824dc66e602809a4f95a7f500b86bb9189deab4931f2b1764469d0aacc7547f6ee0ed0b6aa6d76319e3e1c4de4f1257a232164

Score

10^/10

dharma persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a.exe

Resource

win7-20220414-en

dharma persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a
- Size
  
  358KB
- MD5
  
  0e39f9bcb4eabac1bff3354f19ceaa82
- SHA1
  
  fdc0d5d7848ad9b007ece99307600424e490c6b2
- SHA256
  
  449739b252b03a17ad6195843f556098da5d71370573b2d654870f86c95e324a
- SHA512
  
  bf6390121a4ef8063228e25a8c824dc66e602809a4f95a7f500b86bb9189deab4931f2b1764469d0aacc7547f6ee0ed0b6aa6d76319e3e1c4de4f1257a232164
Score

10^/10

dharma persistence ransomware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomware

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy