Overview

overview

10

Static

static

8

79afaaa7fa...e7.exe

windows7-x64

10

79afaaa7fa...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79afaaa7fa75217d4a771f7f83c5ef4ec7b3dcd9e85deb6767933524ef6b9ee7

  • Size

    297KB

  • Sample

    220731-fsgpzaafam

  • MD5

    b96d7569d68440a9d6fc2f33d8adcae7

  • SHA1

    6379a05b3645203df1ec815ee5e81e7aa98088e9

  • SHA256

    79afaaa7fa75217d4a771f7f83c5ef4ec7b3dcd9e85deb6767933524ef6b9ee7

  • SHA512

    3a69754f4884fd9a47e25f2067fcb4e2afbeeedfe3286ed6e1daeacffbf98692bf84ee6abdfcef83d5b7d7192b34c7652adfea6cd67c96c3556febf8d9d7f33e

Score
10/10
dharmapersistenceransomwarespywarestealerupx

Malware Config

Targets

    • Target

      79afaaa7fa75217d4a771f7f83c5ef4ec7b3dcd9e85deb6767933524ef6b9ee7

    • Size

      297KB

    • MD5

      b96d7569d68440a9d6fc2f33d8adcae7

    • SHA1

      6379a05b3645203df1ec815ee5e81e7aa98088e9

    • SHA256

      79afaaa7fa75217d4a771f7f83c5ef4ec7b3dcd9e85deb6767933524ef6b9ee7

    • SHA512

      3a69754f4884fd9a47e25f2067fcb4e2afbeeedfe3286ed6e1daeacffbf98692bf84ee6abdfcef83d5b7d7192b34c7652adfea6cd67c96c3556febf8d9d7f33e

    Score
    10/10
    dharmapersistenceransomwarespywarestealerupx

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks