General
Target
947196ecb0723f7bfe47b7f01a761a0e9bfbe55ae1f23d787eed4727d1e057b9
Size
182KB
Sample
220625-lpj9ksfbfq
MD5
0f40981a135e9c9c4d09b09257eeba9e
SHA1
a10fd4321c9cc3281a12212d787a2952f4ed08bb
SHA256
947196ecb0723f7bfe47b7f01a761a0e9bfbe55ae1f23d787eed4727d1e057b9
SHA512
320b02834362e2e9d6104b7bb502220d1b55c75b6b82749610ea744bdfa8965a570a8056727ee60f5332fe3272a247499fda73f7d71af6efa32e8c2c8fc3143c
Static task
static1
Behavioral task
behavioral1
Sample
947196ecb0723f7bfe47b7f01a761a0e9bfbe55ae1f23d787eed4727d1e057b9.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
947196ecb0723f7bfe47b7f01a761a0e9bfbe55ae1f23d787eed4727d1e057b9.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
admin@sectex.net
admin@sectex.world
Targets
Target
947196ecb0723f7bfe47b7f01a761a0e9bfbe55ae1f23d787eed4727d1e057b9
Score
10/10
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in System32 directory