General

Target: 4fffddcc02c74bfbf4f6c84e9467c6f702e2a0b51c51806c4c1f042b8dd578c0
Size: 264KB
Sample: 220719-r29ynafecn
MD5: 915c29fe9261df54fdc84ec3bebc429d
SHA1: 75a5e1e66eea7d3ae9119322c0807aa0d033b03b
SHA256: 4fffddcc02c74bfbf4f6c84e9467c6f702e2a0b51c51806c4c1f042b8dd578c0
SHA512: b1307bb10ac6621ad303c9d75d75eec4446e34a8d8ad9705025785498f4c032f00c19bd36d356823f679fa55ef58cd620ca2533b35a55ead2f1bdb351f18bf0b
Static task: static1

Behavioral task: behavioral1
  Sample: 4fffddcc02c74bfbf4f6c84e9467c6f702e2a0b51c51806c4c1f042b8dd578c0.exe
  Resource: win7-20220715-en

Behavioral task: behavioral2
  Sample: 4fffddcc02c74bfbf4f6c84e9467c6f702e2a0b51c51806c4c1f042b8dd578c0.exe
  Resource: win10v2004-20220414-en
Malware Config

The configuration below was extracted from the ransom note (Info.hta) that the sample writes into both the machine-wide and the per-user Startup folders, so the note is displayed again at every logon. The two addresses are the attacker contact e-mails listed in the note.

Extracted from: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Contact e-mails: admin@fentex.net, admin@fentex.world

Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Contact e-mails: admin@fentex.net, admin@fentex.world
Targets

Target: 4fffddcc02c74bfbf4f6c84e9467c6f702e2a0b51c51806c4c1f042b8dd578c0
Size: 264KB
MD5: 915c29fe9261df54fdc84ec3bebc429d
SHA1: 75a5e1e66eea7d3ae9119322c0807aa0d033b03b
SHA256: 4fffddcc02c74bfbf4f6c84e9467c6f702e2a0b51c51806c4c1f042b8dd578c0
SHA512: b1307bb10ac6621ad303c9d75d75eec4446e34a8d8ad9705025785498f4c032f00c19bd36d356823f679fa55ef58cd620ca2533b35a55ead2f1bdb351f18bf0b
Score: 10/10

Dharma
Dharma (also tracked as CrySiS) is a ransomware family; some of its droppers run a legitimate security-software installer in the foreground to distract the user while encryption proceeds in the background.
Behaviors observed:

- Modifies extensions of user files: ransomware generally renames encrypted files by appending its own extension to the original name, which is what this signature keys on.
- Checks computer location settings: reads the country/locale code configured in the registry, typically to geofence execution.
- Drops startup file: writes a file (here Info.hta) into a Startup folder so it runs at logon.
- Adds Run key to start application: persistence via HKCU/HKLM ...\Microsoft\Windows\CurrentVersion\Run.
- Drops desktop.ini file(s).
- Drops file in System32 directory.
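The two things an analyst usually wants from a report like this are the ransom-note contact addresses (for blocking and for pivoting to related samples) and a repeatable way to turn the behavioral signals into a verdict. The following added example is not part of the original report or of the sandbox's own signature code: it pulls e-mail addresses out of a ransom note and then evaluates a constructed list of sandbox-style events against the behaviors listed above. The Info.hta text, the event list, the Run-key value name, the victim id `1A2B3C4D` and the `.locked` extension are all constructed for illustration; only the two Startup paths and the two contact addresses come from the report.

```python
import re
from pathlib import PureWindowsPath

# Constructed stand-in for an Info.hta ransom note. Only the two addresses are taken
# from the report's extracted config; the surrounding wording is illustrative.
SAMPLE_INFO_HTA = """<html><body>
All your files have been encrypted!
To restore them write to email: admin@fentex.net
If there is no answer within 24 hours, write to: admin@fentex.world
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def extract_contacts(note_text):
    """Return contact addresses from a ransom note, in order of first appearance."""
    seen, out = set(), []
    for addr in EMAIL_RE.findall(note_text):
        if addr.lower() not in seen:
            seen.add(addr.lower())
            out.append(addr)
    return out


# Path/key patterns behind the behaviors listed in the report.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)
LOCALE_KEY_RE = re.compile(r"Control Panel\\International|\\Nls\\", re.I)
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.I)


def is_encrypt_rename(src, dst):
    """Heuristic for ransomware renames: the new name keeps the old name intact and
    appends one or more extensions (e.g. report.docx -> report.docx.id-....[mail].ext)."""
    return dst.lower().startswith(src.lower() + ".")


def classify(events, rename_threshold=3):
    """Map sandbox events (file_write / file_rename / reg_set / reg_query) onto the
    behavior names used in the report. Returns a dict of behavior -> bool."""
    hits = {
        "drops_startup_file": False,
        "adds_run_key": False,
        "checks_location_settings": False,
        "modifies_file_extensions": False,
        "drops_desktop_ini": False,
        "drops_file_in_system32": False,
    }
    renames = 0
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            path = ev["path"]
            if STARTUP_RE.search(path):
                hits["drops_startup_file"] = True
            if PureWindowsPath(path).name.lower() == "desktop.ini":
                hits["drops_desktop_ini"] = True
            if SYSTEM32_RE.search(path):
                hits["drops_file_in_system32"] = True
        elif op == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            hits["adds_run_key"] = True
        elif op == "reg_query" and LOCALE_KEY_RE.search(ev["key"]):
            hits["checks_location_settings"] = True
        elif op == "file_rename" and is_encrypt_rename(ev["src"], ev["dst"]):
            renames += 1
    # A single appended extension is common in benign software; require a burst.
    hits["modifies_file_extensions"] = renames >= rename_threshold
    return hits


def verdict(hits):
    """Bulk renames plus a persistence mechanism is the ransomware pattern."""
    if hits["modifies_file_extensions"] and (hits["drops_startup_file"] or hits["adds_run_key"]):
        return "ransomware-like"
    return "suspicious" if any(hits.values()) else "clean"


# Constructed event log; paths of the two note drops match the report, the rest is illustrative.
SAMPLE_EVENTS = [
    {"op": "reg_query", "key": r"HKCU\Control Panel\International", "value": "LocaleName"},
    {"op": "file_write", "path": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"},
    {"op": "file_write", "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"},
    {"op": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "example"},
    {"op": "file_write", "path": r"C:\Windows\System32\Info.hta"},
    {"op": "file_write", "path": r"C:\Users\Admin\Documents\desktop.ini"},
    # benign rename: must not count toward the encryption heuristic
    {"op": "file_rename", "src": r"C:\Users\Admin\Documents\draft.docx", "dst": r"C:\Users\Admin\Documents\draft_v2.docx"},
    {"op": "file_rename", "src": r"C:\Users\Admin\Documents\report.docx",
     "dst": r"C:\Users\Admin\Documents\report.docx.id-1A2B3C4D.[admin@fentex.net].locked"},
    {"op": "file_rename", "src": r"C:\Users\Admin\Pictures\cat.jpg",
     "dst": r"C:\Users\Admin\Pictures\cat.jpg.id-1A2B3C4D.[admin@fentex.net].locked"},
    {"op": "file_rename", "src": r"C:\Users\Admin\Desktop\notes.txt",
     "dst": r"C:\Users\Admin\Desktop\notes.txt.id-1A2B3C4D.[admin@fentex.net].locked"},
]

BENIGN_EVENTS = [
    {"op": "file_write", "path": r"C:\Users\Admin\Documents\todo.txt"},
    {"op": "file_rename", "src": r"C:\Users\Admin\Documents\draft.docx", "dst": r"C:\Users\Admin\Documents\draft_v2.docx"},
]

if __name__ == "__main__":
    print("contacts:", extract_contacts(SAMPLE_INFO_HTA))
    hits = classify(SAMPLE_EVENTS)
    print({k: v for k, v in hits.items()}, "->", verdict(hits))
```

The rename heuristic deliberately requires the original extension to survive inside the new name, which is how Dharma and many other families rename files; it will miss families that replace the name entirely, so treat it as one signal among several rather than a standalone detector.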