dharma | 29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb | Triage

Submit
Reports

Overview

overview

Static

static

29b61912c6...eb.exe

windows7_x64

29b61912c6...eb.exe

windows10-2004_x64

Sharing

General

Target

29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb
Size

210KB
Sample

220615-qpyjesgefq
MD5

80fb4b0bc0d8eb87fc2ee774e648c950
SHA1

c002d0525c5bc8b15d01a5f7ee5497cd16349c29
SHA256

29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb
SHA512

2fe32b48ac8ded70c2d797e88e354374970a0021352f2dd75ce18d09f011bd3b2ae7dc4fe493f31de2004e3521915561afd8deec99580d2fc75af7806a117864

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb
- Size
  
  210KB
- MD5
  
  80fb4b0bc0d8eb87fc2ee774e648c950
- SHA1
  
  c002d0525c5bc8b15d01a5f7ee5497cd16349c29
- SHA256
  
  29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb
- SHA512
  
  2fe32b48ac8ded70c2d797e88e354374970a0021352f2dd75ce18d09f011bd3b2ae7dc4fe493f31de2004e3521915561afd8deec99580d2fc75af7806a117864
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy