dharma | 18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c | Triage

Submit
Reports

Overview

overview

Static

static

18ba862c1a...5c.exe

windows7_x64

18ba862c1a...5c.exe

windows10-2004_x64

Sharing

General

Target

18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c
Size

290KB
Sample

220523-zyay6abffj
MD5

dc942bea79a81738046c66c1e5add4aa
SHA1

c2755f5165c93acb708e8e485fcfbadd1125049e
SHA256

18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c
SHA512

bb067c86eb1abff78d0e207da4de4aad80314410021e52d148d01491b85ca3da5f40c294a8bcbec6d2dad6f5395fc5fe4e29fd6a820bdf8398d1012749b12e54

Score

10^/10

dharma persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c.exe

Resource

win7-20220414-en

dharma persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c
- Size
  
  290KB
- MD5
  
  dc942bea79a81738046c66c1e5add4aa
- SHA1
  
  c2755f5165c93acb708e8e485fcfbadd1125049e
- SHA256
  
  18ba862c1a283c5038b02bbe84b904930ccb8d7a168f20d40b4ce5ed5427635c
- SHA512
  
  bb067c86eb1abff78d0e207da4de4aad80314410021e52d148d01491b85ca3da5f40c294a8bcbec6d2dad6f5395fc5fe4e29fd6a820bdf8398d1012749b12e54
Score

10^/10

dharma persistence ransomware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomware

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy