General
Target: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc
Size: 92KB
Sample: 221011-e22aasefgj
MD5: c8436825a0549e82d500d7b5751c271f
SHA1: 5eee3cc7bba61c9ecf2bfc4c88a5f7370d378ea0
SHA256: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc
SHA512: fe071ce3dd907d0d85271549b1f85b1136bc3de0e2e2a1fc2e420aaae2cb321de8a9ed46eb8f40a233007f802960e80878cb65f2e24df85e0d379de9ecf48c7a
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4A/aFTOGpHaiGmGVeHuMBZR4JVY/Op5zC07K/:Qw+asqN5aW/hLrGp6iG76uMduwO
Static task: static1
Behavioral task: behavioral1
Sample: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Ransom note path (written to the all-users Startup folder, so it reopens at every logon): C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Contact e-mails named in the note: Daniel22key@aol.com, Daniel22key@cock.li
Targets
Target: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc
Size: 92KB
MD5: c8436825a0549e82d500d7b5751c271f
SHA1: 5eee3cc7bba61c9ecf2bfc4c88a5f7370d378ea0
SHA256: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc
SHA512: fe071ce3dd907d0d85271549b1f85b1136bc3de0e2e2a1fc2e420aaae2cb321de8a9ed46eb8f40a233007f802960e80878cb65f2e24df85e0d379de9ecf48c7a
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4A/aFTOGpHaiGmGVeHuMBZR4JVY/Op5zC07K/:Qw+asqN5aW/hLrGp6iG76uMduwO
Score: 10/10
Dharma
Dharma (also tracked as CrySiS) is a ransomware family that encrypts user files and drops an HTA ransom note carrying the attacker's contact addresses. The Info.hta path and the two e-mail addresses in the extracted config above are that note and those addresses for this sample.
Modifies extensions of user files
Ransomware renames the files it encrypts, usually by appending a new extension; the renamed files are the most direct on-disk evidence of an encryption run.
Checks computer location settings
Reads the country code configured in the registry, most likely as a geofence check that decides whether to run on this machine.
Drops startup file
The dropped file is Info.hta in the all-users Startup folder (see Malware Config), so the ransom note is displayed at each logon.
Adds Run key to start application
Registry Run-key persistence: the application is relaunched at logon.
Drops desktop.ini file(s)
Drops file in System32 directory
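As an added example (not code from the report or from any sandbox), the following Python turns the indicators on this page into a host-side triage check: it hashes a suspect file against the MD5/SHA1/SHA256 listed above, flags the Info.hta ransom note in the Startup folder, flags a Run-key value that points at it, and looks for renamed user files that reference the two contact e-mails from the extracted config. The host data (Startup entries, Run values, file names) is constructed inline so it runs offline; the `.id-<hex>.[<email>].<ext>` rename pattern is an assumption about how this family names encrypted files and is not stated on the page.

```python
import hashlib
import re

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "c8436825a0549e82d500d7b5751c271f",
    "sha1": "5eee3cc7bba61c9ecf2bfc4c88a5f7370d378ea0",
    "sha256": "f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc",
}
RANSOM_NOTE = r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
CONTACT_EMAILS = {"Daniel22key@aol.com", "Daniel22key@cock.li"}

# Assumption (not on the page): encrypted files are renamed to
# <name>.id-<8 hex>.[<contact email>].<ext>; the e-mail is what we key on.
ENCRYPTED_NAME_RE = re.compile(
    r"\.id-[0-9A-Fa-f]{8}\.\[(?P<email>[^\]]+)\]\.[A-Za-z0-9]+$"
)


def hash_sample(data: bytes) -> dict:
    """Compute the three digests the report lists for a candidate file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches (guards against a single-hash collision)."""
    digests = hash_sample(data)
    return all(digests[alg] == known for alg, known in KNOWN_HASHES.items())


def find_indicators(startup_files, run_values, file_names):
    """Return (indicator, evidence) tuples for the behaviours listed under Signatures."""
    findings = []
    # Drops startup file: the ransom note in the all-users Startup folder.
    for path in startup_files:
        if path.lower().endswith(r"\startup\info.hta"):
            findings.append(("startup_ransom_note", path))
    # Adds Run key: any Run value that launches an .hta or the note itself.
    for name, value in run_values:
        low = value.lower()
        if low.endswith(".hta") or "\\info.hta" in low:
            findings.append(("run_key", f"{name}={value}"))
    # Modifies extensions of user files: renamed files naming a known contact e-mail.
    for file_name in file_names:
        match = ENCRYPTED_NAME_RE.search(file_name)
        if match and match.group("email") in CONTACT_EMAILS:
            findings.append(("encrypted_file", file_name))
    return findings


# Constructed host snapshot (not real telemetry) used to exercise the checks.
SAMPLE_STARTUP = [
    RANSOM_NOTE,
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote.lnk",
]
SAMPLE_RUN_VALUES = [
    ("OneDrive", r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("Info.hta", RANSOM_NOTE),
]
SAMPLE_FILES = [
    r"C:\Users\u\Documents\budget.xlsx",
    r"C:\Users\u\Documents\budget.xlsx.id-1A2B3C4D.[Daniel22key@aol.com].ext",
    r"C:\Users\u\Documents\notes.txt.id-1A2B3C4D.[someone@example.com].ext",
]


def run_demo():
    """Run the indicator checks over the constructed snapshot."""
    return find_indicators(SAMPLE_STARTUP, SAMPLE_RUN_VALUES, SAMPLE_FILES)


if __name__ == "__main__":
    for indicator, evidence in run_demo():
        print(f"{indicator}: {evidence}")
    print("known sample:", matches_known_sample(b"not the sample"))
```

The third constructed file name is deliberately not flagged: it follows the rename pattern but names an e-mail that is not in this sample's config, which keeps the check tied to the indicators on this page rather than to the naming scheme alone.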