General
-
Target
372dc363e3dcc4399b84f1c2e594e698bc1e65b9baf853dc1209ddaad52dde9d
-
Size
222KB
-
Sample
220626-agyw8aheer
-
MD5
765e03856ba709f12220f31638ae237c
-
SHA1
6283d47cc404e866c7f68a0cebc71527ef31aecb
-
SHA256
372dc363e3dcc4399b84f1c2e594e698bc1e65b9baf853dc1209ddaad52dde9d
-
SHA512
45763abf8a8984117a5351b1d32af3df618d86fba35e8dd74be4c9f4c031c79eb72d423ccbb70287fd8a697b962cebb3164b49889b839ebdbde8eb3f6263be2e
Static task
static1
Behavioral task
behavioral1
Sample
372dc363e3dcc4399b84f1c2e594e698bc1e65b9baf853dc1209ddaad52dde9d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
372dc363e3dcc4399b84f1c2e594e698bc1e65b9baf853dc1209ddaad52dde9d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
admin@sectex.net
admin@sectex.world
Targets
Target
372dc363e3dcc4399b84f1c2e594e698bc1e65b9baf853dc1209ddaad52dde9d
Score
10/10
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-