Overview

overview

10

Static

static

5dc0135e15...12.exe

windows7_x64

3

5dc0135e15...12.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5dc0135e15dd1e38e3017d04a73d45fdb0460a57ae249ca2e85093b2a89c5112

  • Size

    323KB

  • Sample

    220524-d6e27aedc3

  • MD5

    9481b4675e3db5db4d0e56a8a9521db3

  • SHA1

    2b045106cbcdf4ecb614ef04eed6872834fc202d

  • SHA256

    5dc0135e15dd1e38e3017d04a73d45fdb0460a57ae249ca2e85093b2a89c5112

  • SHA512

    c9ab726c263a71072d23c4e5d224171af271fe9204418e6120e9ab0f695f9f71c131af05ee23072a6604af4ff3ec805d14ec778c28f17a6a224286d230af0b8f

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      5dc0135e15dd1e38e3017d04a73d45fdb0460a57ae249ca2e85093b2a89c5112

    • Size

      323KB

    • MD5

      9481b4675e3db5db4d0e56a8a9521db3

    • SHA1

      2b045106cbcdf4ecb614ef04eed6872834fc202d

    • SHA256

      5dc0135e15dd1e38e3017d04a73d45fdb0460a57ae249ca2e85093b2a89c5112

    • SHA512

      c9ab726c263a71072d23c4e5d224171af271fe9204418e6120e9ab0f695f9f71c131af05ee23072a6604af4ff3ec805d14ec778c28f17a6a224286d230af0b8f

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks