General
Target: 1332c6a24d7aec783e213779619bdfce64cafe79ffb0267ac0c578455bef1a24.zip
Size: 92KB
Sample: 221014-ea3n2sfaa9
MD5: 8f1ebbcbdf8bc826852d06270494fbc5
SHA1: d1eae57063d8a5cb242699a326a5d8e80adaa53e
SHA256: 1332c6a24d7aec783e213779619bdfce64cafe79ffb0267ac0c578455bef1a24
SHA512: 4e060f2d69fa2c6b3ce5f50a324f96ca1685ceafbdb7e045c154d4d1dcc781e6962c871bd5b2e3113403bc4a1c00e9d71162c4042176fa2f3d55256dfffc5ae2
SSDEEP: 1536:RBwl+KXpsqN5vlwWYyhY9S4AquHHE1ef4BtydBESCU6ZRUBrIXCRm+vAv:7w+asqN5aW/hLRHka0ydBESkH9XUmiAv
Static task: static1
Behavioral task: behavioral1
Sample: 92c65e95b508ffacd2d7a36957599eb2d930a0d1a8b76a5c4551ee6e9d4da67e.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 92c65e95b508ffacd2d7a36957599eb2d930a0d1a8b76a5c4551ee6e9d4da67e.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Path: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Emails: cyberpunk@onionmail.org, cyberpsycho@msgsafe.io
Targets
Target: 92c65e95b508ffacd2d7a36957599eb2d930a0d1a8b76a5c4551ee6e9d4da67e.exe
Size: 92KB
MD5: 8ce606be5e21897d0c2c27c9cc403d37
SHA1: 35282d2247a0ab9840aa4e709faf4c1766c329cd
SHA256: 92c65e95b508ffacd2d7a36957599eb2d930a0d1a8b76a5c4551ee6e9d4da67e
SHA512: 1fec16d69e41833cefe39ee4976f4da1946d18d24ff5e2a0bc86d1b897ac78f38668fe7702997ef84f8f30c5a8d2fad847b1f66e86ee9fda7e13ed53d1cec51b
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4AquHHE1ef4BtydBESCU6ZRUBrIXCRm+vA:Qw+asqN5aW/hLRHka0ydBESkH9XUmiA
Score: 10/10
Dharma
Dharma is a ransomware family that has been distributed bundled with a legitimate security-software installer, so that the visible installation masks the encryption running alongside it.
Modifies extensions of user files
Ransomware typically renames encrypted files with a new extension, so a burst of renames across user documents is a strong indicator that encryption is under way.
Drops startup file
The ransom note Info.hta is written to the per-user Startup folder (see Malware Config), so it is displayed at every logon.
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in System32 directory
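The report above ties three artefacts together: a ransom note dropped into the Startup folder, the contact e-mails extracted from it, and renamed user files. The script below is an added example for triaging such a report, not code from the sandbox or from the Dharma operators. It assumes the note is HTML-like text containing the contact e-mails (the real Info.hta body is not on the page, so a constructed stand-in is used), that renamed victim files carry one of those e-mails in square brackets in the filename (a naming pattern commonly attributed to Dharma, assumed here rather than stated by the report), and that the dropped-file paths are constructed to resemble a sandbox file list. The hash check uses the MD5/SHA1/SHA256 values the report lists for the dropped .exe so you can confirm a sample on disk is the one analysed.

```python
"""Triage helpers for a Dharma sandbox report (added example, not sandbox code)."""
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed stand-in for the dropped Info.hta; the real note body is not on the page.
SAMPLE_INFO_HTA = """<html><head><title>Info</title></head><body>
<h1>All your files have been encrypted!</h1>
<p>To get them back write to: cyberpunk@onionmail.org</p>
<p>If you get no answer within 24 hours, write to: cyberpsycho@msgsafe.io</p>
</body></html>"""

# Constructed file paths in the shape a sandbox would list after the run.
SAMPLE_DROPPED_PATHS = [
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta",
    r"C:\Users\Admin\Documents\budget.xlsx.id-1A2B3C4D.[cyberpunk@onionmail.org].cyberpunk",
    r"C:\Users\Admin\Documents\notes.txt",
    r"C:\Windows\System32\Info.hta",
]

# Hashes the report lists for the dropped .exe, keyed by hashlib algorithm name.
REPORTED_EXE_HASHES = {
    "md5": "8ce606be5e21897d0c2c27c9cc403d37",
    "sha1": "35282d2247a0ab9840aa4e709faf4c1766c329cd",
    "sha256": "92c65e95b508ffacd2d7a36957599eb2d930a0d1a8b76a5c4551ee6e9d4da67e",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Any path ending in these components is a logon-time autorun location (per-user or all-users).
STARTUP_SUFFIX = PureWindowsPath(r"Microsoft\Windows\Start Menu\Programs\Startup")


def extract_contacts(note_text):
    """Return the unique contact e-mails found in a ransom note, lower-cased and sorted."""
    return sorted({m.lower() for m in EMAIL_RE.findall(note_text)})


def in_startup_folder(path):
    """True if the file sits directly in a Startup folder (case-insensitive tail match)."""
    parent_parts = PureWindowsPath(path).parent.parts
    n = len(STARTUP_SUFFIX.parts)
    tail = tuple(p.lower() for p in parent_parts[-n:])
    return tail == tuple(p.lower() for p in STARTUP_SUFFIX.parts)


def renamed_for_contact(path, contacts):
    """Return the contact e-mail embedded as '[email]' in the filename, or None.

    Assumed Dharma-style renaming (original name + victim id + [email] + new extension);
    the report only says extensions were modified, not the exact pattern.
    """
    name = PureWindowsPath(path).name.lower()
    for email in contacts:
        if f"[{email}]" in name:
            return email
    return None


def verify_hashes(data, expected):
    """Return the algorithm names whose digest of `data` differs from `expected`.

    An empty list means every listed hash matches, i.e. you hold the analysed sample.
    """
    return [alg for alg, hexdigest in expected.items()
            if hashlib.new(alg, data).hexdigest() != hexdigest.lower()]


def triage(note_text, paths):
    """Tie the report's signatures together: note contacts, autorun drops, renamed files."""
    contacts = extract_contacts(note_text)
    renamed = {}
    for p in paths:
        email = renamed_for_contact(p, contacts)
        if email:
            renamed[p] = email
    return {
        "contacts": contacts,
        "startup_drops": [p for p in paths if in_startup_folder(p)],
        "renamed": renamed,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_INFO_HTA, SAMPLE_DROPPED_PATHS), indent=2))
```

Run `verify_hashes(open(sample, "rb").read(), REPORTED_EXE_HASHES)` against the unpacked .exe before relying on the report; a non-empty result means you are looking at a different build and the extracted e-mails and paths may not apply.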