Overview

overview

10

Static

static

1fefdcad66...d0.exe

windows7_x64

10

1fefdcad66...d0.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1fefdcad66245c5731cd3b81b189b34da4d868444c2527674dc342a43fa576d0

  • Size

    565KB

  • Sample

    220612-rhwlxsefcj

  • MD5

    af1f766213f5d5fc95c8a2739e13552f

  • SHA1

    c293a5c354d3b8576f643116b346c4d88af82212

  • SHA256

    1fefdcad66245c5731cd3b81b189b34da4d868444c2527674dc342a43fa576d0

  • SHA512

    8c469bdf38cc6238a7a92f4499ed5ef44d8101090625c0dc60579577154bdebe7c7e06b1b5d170f66e044f5976786b1de15b7c2cec7e4adb9c7ad7d773ee5b92

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      1fefdcad66245c5731cd3b81b189b34da4d868444c2527674dc342a43fa576d0

    • Size

      565KB

    • MD5

      af1f766213f5d5fc95c8a2739e13552f

    • SHA1

      c293a5c354d3b8576f643116b346c4d88af82212

    • SHA256

      1fefdcad66245c5731cd3b81b189b34da4d868444c2527674dc342a43fa576d0

    • SHA512

      8c469bdf38cc6238a7a92f4499ed5ef44d8101090625c0dc60579577154bdebe7c7e06b1b5d170f66e044f5976786b1de15b7c2cec7e4adb9c7ad7d773ee5b92

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks