dharma | abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787 | Triage

Submit
Reports

Overview

overview

Static

static

abc2e1f04e...87.exe

windows7_x64

abc2e1f04e...87.exe

windows10-2004_x64

Sharing

General

Target

abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787
Size

323KB
Sample

220625-js8p8secf9
MD5

37a0a472ce93fd1bc92c6a081acbb6d8
SHA1

deb6224ae47da2c2ad966799214e84db01f0ee3d
SHA256

abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787
SHA512

d6da7585b6cc16aab999da4eacb71857466b0c794c45ec1863530e25618dbab2b189fa955ba46d698a25b224e455a6982cb3ccd04055c6ee0a6a7d9d205f7293

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787
- Size
  
  323KB
- MD5
  
  37a0a472ce93fd1bc92c6a081acbb6d8
- SHA1
  
  deb6224ae47da2c2ad966799214e84db01f0ee3d
- SHA256
  
  abc2e1f04ec553ae837682b32ab3c970c5ba434b6ffef2666376373844948787
- SHA512
  
  d6da7585b6cc16aab999da4eacb71857466b0c794c45ec1863530e25618dbab2b189fa955ba46d698a25b224e455a6982cb3ccd04055c6ee0a6a7d9d205f7293
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy