dharma | 23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e | Triage

Submit
Reports

Overview

overview

Static

static

23b61ce11f...1e.exe

windows7_x64

23b61ce11f...1e.exe

windows10-2004_x64

Sharing

General

Target

23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e
Size

404KB
Sample

220612-azj6safacn
MD5

faba065344e5f585a8e7acfce2ffff5f
SHA1

bdbbc7f1ec213771a593dfc8f273e2c0b28a46af
SHA256

23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e
SHA512

ea128b2e682085bf41fc5b322f89ea4d8c1f6090bdf723d688818f91e3e6395a05368c1029ca7c647d90e4bce118ddea9f19fd4b73938636862d2047c664986e

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e
- Size
  
  404KB
- MD5
  
  faba065344e5f585a8e7acfce2ffff5f
- SHA1
  
  bdbbc7f1ec213771a593dfc8f273e2c0b28a46af
- SHA256
  
  23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921e
- SHA512
  
  ea128b2e682085bf41fc5b322f89ea4d8c1f6090bdf723d688818f91e3e6395a05368c1029ca7c647d90e4bce118ddea9f19fd4b73938636862d2047c664986e
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy