dharma | aace401e39380b3eb571a3d46bfb17cc58f0ecfa180b836951a229e1bb275173 | Triage

Sharing

General

Target

aace401e39380b3eb571a3d46bfb17cc58f0ecfa180b836951a229e1bb275173
Size

405KB
Sample

220625-f6b2msfghn
MD5

3ca2ca07a4e1d622e7b0b254248a9ebe
SHA1

5f031bb64923a9139157e3d4bcc454c5991f2240
SHA256

aace401e39380b3eb571a3d46bfb17cc58f0ecfa180b836951a229e1bb275173
SHA512

8b87a673759fcfbe49f60d695f3c0408c7732db3ab785e76e69fc65fe2bfd23bc7b4dcfddad36e788c91c82107139c4f40b0701717e22c89d447572b4e2d1098

Score

10^/10

dharma persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  aace401e39380b3eb571a3d46bfb17cc58f0ecfa180b836951a229e1bb275173
- Size
  
  405KB
- MD5
  
  3ca2ca07a4e1d622e7b0b254248a9ebe
- SHA1
  
  5f031bb64923a9139157e3d4bcc454c5991f2240
- SHA256
  
  aace401e39380b3eb571a3d46bfb17cc58f0ecfa180b836951a229e1bb275173
- SHA512
  
  8b87a673759fcfbe49f60d695f3c0408c7732db3ab785e76e69fc65fe2bfd23bc7b4dcfddad36e788c91c82107139c4f40b0701717e22c89d447572b4e2d1098
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware