dharma | 1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9 | Triage

Submit
Reports

Overview

overview

Static

static

1cb7e68cfb...b9.exe

windows7_x64

1cb7e68cfb...b9.exe

windows10-2004_x64

Sharing

General

Target

1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9
Size

349KB
Sample

220607-rnmk7scbfr
MD5

73dcf1a52ef5a8c6bc66632e9000e493
SHA1

1c1f98c25117fed7edd35a802d610fbbbc7f4531
SHA256

1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9
SHA512

19484575d7e1c671a69149e579881e225a5bef4a67f1d666768bb7da963c1aa0215e4e87461b4842cdf28c4830fd895fbe1c109d0bfd031c273275a01f2f4c39

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9
- Size
  
  349KB
- MD5
  
  73dcf1a52ef5a8c6bc66632e9000e493
- SHA1
  
  1c1f98c25117fed7edd35a802d610fbbbc7f4531
- SHA256
  
  1cb7e68cfb9f3cf1d401c76b3ea2f7d75f7f4ebac852abb797eaa685d10252b9
- SHA512
  
  19484575d7e1c671a69149e579881e225a5bef4a67f1d666768bb7da963c1aa0215e4e87461b4842cdf28c4830fd895fbe1c109d0bfd031c273275a01f2f4c39
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy