General
-
Target
e7c07f9ed71d4819d022fedbcb8bcc3162c368caa1ddad3838420b6bb73173e2
-
Size
218KB
-
Sample
220724-2fpeyabbcr
-
MD5
86e43b97d07548d1910a58c20058c74b
-
SHA1
f5d0274f1f1e28a6ce4928255a8f10cacfded006
-
SHA256
e7c07f9ed71d4819d022fedbcb8bcc3162c368caa1ddad3838420b6bb73173e2
-
SHA512
3269a54b317c477801064dd8a70da8fed69bc3c2b35f460824238bf24840235188c462a92c93404adf39f47b756b90d9a7eb471168d1b64e87fc6a1e14d230a2
Static task
static1
Behavioral task
behavioral1
Sample
e7c07f9ed71d4819d022fedbcb8bcc3162c368caa1ddad3838420b6bb73173e2.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
e7c07f9ed71d4819d022fedbcb8bcc3162c368caa1ddad3838420b6bb73173e2.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
admin@sectex.net
admin@sectex.world
Extracted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
admin@sectex.net
admin@sectex.world
Targets
-
-
Target
e7c07f9ed71d4819d022fedbcb8bcc3162c368caa1ddad3838420b6bb73173e2
Score
10/10
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-