General
Target: 5023afdaf8cb121770ce3f3d6355ed84f3d103ef82e1257e14313ee17461a705
Size: 323KB
Sample: 220719-qvapjsdchp
MD5: 5206fef8c033abdcfbf00538df0c517e
SHA1: 7deed3e7035e071b4f62e385c1c4de8c57eee034
SHA256: 5023afdaf8cb121770ce3f3d6355ed84f3d103ef82e1257e14313ee17461a705
SHA512: 65c135c70305d03dcf315a47e5ab5d09ae1d736481158686e6a13d2efc9869e15ff0e1e35040dd3a32c3e0bc559db88d1bc2732e27f456adde417dcbf46f0123

Static task: static1
Behavioral task: behavioral1
Sample: ?????????? 1 +??????????.scr
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: ?????????? 1 +??????????.scr
Resource: win10v2004-20220718-en

Malware Config
Extracted
Ransom note: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Contact address: help@x-mail.pro

Targets
Target: ?????????? 1 +??????????.scr
Size: 335KB
MD5: ea54ac4b573864a58e912bc1296e6b3d
SHA1: cb0b48ec0e1c0da1b46e35c7fc7e498b6439a9ca
SHA256: 82cc54a2d2620e98de7729569627dc794b4d53096f74e5b6fae2fdb227d63d1d
SHA512: 712e6c66cd158ba9b112f3f00e612ea921b94c664f07a3124b45517d24a7eb6b75f9d0f4c3bc9f8c38af810f1659cefeec6af4dd4bcd3feba512848ed369e3ab
Score: 10/10

Dharma
Dharma (also tracked as CrySIS) is a ransomware family; campaigns have bundled it with a legitimate security-software installer so that the encryptor runs under cover of the installer's own activity.

Modifies extensions of user files
Ransomware typically appends or replaces the extension of every file it encrypts, so a burst of renames from a single process is the observable behaviour.

Drops startup file
A file written to the per-user Startup folder runs at the next logon; the Info.hta path in the extracted config above sits in that folder.

Adds Run key to start application
A value written under a ...\CurrentVersion\Run key is a second logon-persistence mechanism alongside the Startup folder.

Drops desktop.ini file(s)

Drops file in System32 directory

Suspicious use of SetThreadContext
Rewriting another thread's context (typically after writing code into a suspended process) is a standard process-hollowing step; legitimate callers outside debuggers are rare.
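The behaviours flagged above map directly onto detection rules. The following Python is an added example written for this page (it is not code from the sandbox vendor or from the report): it runs rules modelled on these signatures over constructed Sysmon-style events. The event schema, the process ids, the victim file names and the appended `.locked` extension are all assumptions made for illustration; only the Startup-folder path of Info.hta and the rule names come from the report.

```python
"""Toy detection pass over constructed endpoint telemetry, modelled on the
behavioural signatures in this report. Example code written for this page;
the event schema, pids, victim file names and appended extension are all
assumed, not observed in the sandbox run."""
from collections import Counter, defaultdict
import ntpath

# Locations the rules key on (lower-cased, backslash-delimited Windows paths).
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
RUN_KEY_PATHS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
SYSTEM32_DIR = "c:\\windows\\system32\\"
RANSOM_NOTE_NAMES = {"info.hta"}      # note name from this report's extracted config
RENAME_THRESHOLD = 5                  # appended-extension renames per pid before alerting
TRUSTED_DESKTOP_INI_WRITERS = {800}   # assumed pid of explorer.exe in the sample data

# Constructed Sysmon-like events (not from the sandbox run).
SAMPLE_EVENTS = [
    {"pid": 2100, "type": "file_create",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"},
    {"pid": 2100, "type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Windows\System32\sample.scr"},
    {"pid": 2100, "type": "file_create", "path": r"C:\Windows\System32\sample.scr"},
    {"pid": 2100, "type": "file_create", "path": r"C:\Users\Admin\Documents\desktop.ini"},
    {"pid": 2100, "type": "file_create", "path": r"C:\Users\Admin\Pictures\desktop.ini"},
] + [
    {"pid": 2100, "type": "file_rename",
     "src": rf"C:\Users\Admin\Documents\report{i}.docx",
     "dst": rf"C:\Users\Admin\Documents\report{i}.docx.locked"}
    for i in range(6)
] + [
    # Benign noise: Explorer writing its own desktop.ini, a user renaming one file.
    {"pid": 800, "type": "file_create", "path": r"C:\Users\Admin\Desktop\desktop.ini"},
    {"pid": 3300, "type": "file_rename",
     "src": r"C:\Users\Admin\draft.txt", "dst": r"C:\Users\Admin\final.txt"},
]


def appended_extension(src, dst):
    """Return the suffix a rename appended to src (dst == src + ".xyz"), or None.
    Keeping the original name intact and tacking on an extension is the pattern
    ransomware renames follow; an ordinary rename changes the stem instead."""
    if len(dst) > len(src) and dst[:len(src)].lower() == src.lower() and dst[len(src)] == ".":
        return dst[len(src):]
    return None


def detect(events):
    """Apply the rules to an event list; return sorted (rule, pid, evidence) tuples."""
    findings = set()
    renames = defaultdict(list)   # pid -> appended extensions seen
    desktop_ini = Counter()       # pid -> desktop.ini files written
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "file_create":
            low = ev["path"].lower()
            name = ntpath.basename(low)
            if STARTUP_DIR in low:
                findings.add(("Drops startup file", pid, ev["path"]))
                if name in RANSOM_NOTE_NAMES:
                    findings.add(("Drops ransom note in Startup folder", pid, ev["path"]))
            if low.startswith(SYSTEM32_DIR):
                findings.add(("Drops file in System32 directory", pid, ev["path"]))
            if name == "desktop.ini" and pid not in TRUSTED_DESKTOP_INI_WRITERS:
                desktop_ini[pid] += 1
        elif kind == "reg_set":
            low = ev["key"].lower()
            if any(k in low for k in RUN_KEY_PATHS):
                findings.add(("Adds Run key to start application", pid, f'{ev["key"]} = {ev["data"]}'))
        elif kind == "file_rename":
            ext = appended_extension(ev["src"], ev["dst"])
            if ext is not None:
                renames[pid].append(ext)
    # Volume-based rules: one rename or one desktop.ini is normal, many are not.
    for pid, exts in renames.items():
        if len(exts) >= RENAME_THRESHOLD:
            top_ext, n = Counter(exts).most_common(1)[0]
            findings.add(("Modifies extensions of user files", pid, f"{len(exts)} renames, {n} to {top_ext}"))
    for pid, n in desktop_ini.items():
        if n >= 2:
            findings.add(("Drops desktop.ini file(s)", pid, f"{n} desktop.ini files"))
    return sorted(findings)


def triggered_rules(events):
    """Just the distinct rule names, for a quick verdict."""
    return sorted({rule for rule, _, _ in detect(events)})


if __name__ == "__main__":
    for rule, pid, evidence in detect(SAMPLE_EVENTS):
        print(f"[pid {pid}] {rule}: {evidence}")
```

Run it directly to list the findings. The rename rule fires only past a per-process threshold so a single user rename stays quiet, and desktop.ini writes from the trusted pid are excluded; both are the kind of tuning a real deployment needs, since Explorer writes desktop.ini legitimately and the SetThreadContext signature, which needs API-level tracing rather than file and registry events, is deliberately out of scope here.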