Overview

overview

10

Static

static

29b61912c6...eb.exe

windows7_x64

10

29b61912c6...eb.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb

  • Size

    210KB

  • Sample

    220615-qpyjesgefq

  • MD5

    80fb4b0bc0d8eb87fc2ee774e648c950

  • SHA1

    c002d0525c5bc8b15d01a5f7ee5497cd16349c29

  • SHA256

    29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb

  • SHA512

    2fe32b48ac8ded70c2d797e88e354374970a0021352f2dd75ce18d09f011bd3b2ae7dc4fe493f31de2004e3521915561afd8deec99580d2fc75af7806a117864

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb

    • Size

      210KB

    • MD5

      80fb4b0bc0d8eb87fc2ee774e648c950

    • SHA1

      c002d0525c5bc8b15d01a5f7ee5497cd16349c29

    • SHA256

      29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb

    • SHA512

      2fe32b48ac8ded70c2d797e88e354374970a0021352f2dd75ce18d09f011bd3b2ae7dc4fe493f31de2004e3521915561afd8deec99580d2fc75af7806a117864

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks