dharma | 425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913 | Triage

Submit
Reports

Overview

overview

Static

static

425e4f08a3...13.exe

windows7_x64

425e4f08a3...13.exe

windows10-2004_x64

Sharing

General

Target

425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913
Size

867KB
Sample

220708-c89h5sebgj
MD5

611951ee8ab1f66bace29d81d40fdeb3
SHA1

7769f65c969bcc8f6e677b42fcbd9d8516117437
SHA256

425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913
SHA512

a62c7b2b44084bc284ae5b57e27b2ef9375832871dcfb6863a78ebfb4a474457c5693a94566e2b37fab8e91f757a868a9615e6f09c15762934726c840d36113e

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913
- Size
  
  867KB
- MD5
  
  611951ee8ab1f66bace29d81d40fdeb3
- SHA1
  
  7769f65c969bcc8f6e677b42fcbd9d8516117437
- SHA256
  
  425e4f08a31dc3c68a1a3a2518322531a4b9043ce66a683184d4d0b6e0ae6913
- SHA512
  
  a62c7b2b44084bc284ae5b57e27b2ef9375832871dcfb6863a78ebfb4a474457c5693a94566e2b37fab8e91f757a868a9615e6f09c15762934726c840d36113e
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy