General
Target: 42e1a33b659f0a2d47ab7de199963477928ae467c02d1f1648775f56318763ce
Size: 1.9MB
Sample: 220708-a4e3maahdn
MD5: 4aac82521496215dd66dd50d3783a66d
SHA1: 5daa1a902d25d6a5e0e416cac7cee1d056fff041
SHA256: 42e1a33b659f0a2d47ab7de199963477928ae467c02d1f1648775f56318763ce
SHA512: 788547b1a98e176dfdffcddcd956aa7c148f941f895a1694dff258ff8bee8506d72c01fae5be681a2388f73b22a536f342900104e78406278b115e67f978e1e9
Static task: static1
Behavioral task: behavioral1
Sample: 42e1a33b659f0a2d47ab7de199963477928ae467c02d1f1648775f56318763ce.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 42e1a33b659f0a2d47ab7de199963477928ae467c02d1f1648775f56318763ce.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Contact addresses: admin@sectex.net, admin@sectex.world
Targets
Target: 42e1a33b659f0a2d47ab7de199963477928ae467c02d1f1648775f56318763ce
Score: 10/10
Signatures:
- Dharma: Dharma is ransomware that uses security software installation to hide malicious activities.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext