Overview

overview

10

Static

static

c12472bf98...9c.exe

windows7_x64

10

c12472bf98...9c.exe

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c12472bf9837449057268026463065fc9961ebbd3dc31d91d243392addfade9c

  • Size

    409KB

  • Sample

    220625-gb1l7aacf6

  • MD5

    a36f6f92b7f02ef5232b5a2c22a4b45e

  • SHA1

    30c19a15a1c0ec091f6f18c6434b421e35c1e4c6

  • SHA256

    c12472bf9837449057268026463065fc9961ebbd3dc31d91d243392addfade9c

  • SHA512

    2c066257d3d839aec88d33d5b6e3f636e0dcffd29fff9a1ff6d6f417587ccc56e4483e07c5a8a4f014f1d2b6dfcb085c154e8b22108ae5a0023e27342ab0ccbf

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      c12472bf9837449057268026463065fc9961ebbd3dc31d91d243392addfade9c

    • Size

      409KB

    • MD5

      a36f6f92b7f02ef5232b5a2c22a4b45e

    • SHA1

      30c19a15a1c0ec091f6f18c6434b421e35c1e4c6

    • SHA256

      c12472bf9837449057268026463065fc9961ebbd3dc31d91d243392addfade9c

    • SHA512

      2c066257d3d839aec88d33d5b6e3f636e0dcffd29fff9a1ff6d6f417587ccc56e4483e07c5a8a4f014f1d2b6dfcb085c154e8b22108ae5a0023e27342ab0ccbf

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks