dharma | 4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0 | Triage

Submit
Reports

Overview

overview

Static

static

4bf86347bf...f0.exe

windows7_x64

4bf86347bf...f0.exe

windows10-2004_x64

Sharing

General

Target

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
Size

757KB
Sample

220712-j2sqdaccb4
MD5

6c7215b113d0d0fad9835cb98113bc1f
SHA1

ed921a96f3360f5b1fe67b957818b67a5cbaff62
SHA256

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
SHA512

2e2f1f090365c54085136fdc6e844f6b81249cf2b3505e25fa711a689e567e8eec6f5e60cf95875623cc175b88b49d62cc17019cb53246e10ea2f5702d54e787

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0.exe

Resource

win7-20220414-en

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0.exe

Resource

win10v2004-20220414-en

dharma persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
- Size
  
  757KB
- MD5
  
  6c7215b113d0d0fad9835cb98113bc1f
- SHA1
  
  ed921a96f3360f5b1fe67b957818b67a5cbaff62
- SHA256
  
  4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
- SHA512
  
  2e2f1f090365c54085136fdc6e844f6b81249cf2b3505e25fa711a689e567e8eec6f5e60cf95875623cc175b88b49d62cc17019cb53246e10ea2f5702d54e787
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomware

© 2018-2024

Terms | Privacy