General
Target: ec377f8576e670dfd3cd359c83bde5183555c422c07b731cb745385eb0092d1a
Size: 92KB
Sample: 221014-errywafgfk
MD5: 273c621be48f55a3919cf18c42f4477d
SHA1: 0e66fcf95126735b554308d0b22bce646e1ef34a
SHA256: ec377f8576e670dfd3cd359c83bde5183555c422c07b731cb745385eb0092d1a
SHA512: a661a6c4227c7b86efd854a1f7a083256adfb06f34b78be56f4fb54380a643a1aa08ec3ea14e6d26e7da3f0c38c896c3fa79afdb60a8b7d952c31b07b24f032c
SSDEEP: 1536:+Bwl+KXpsqN5vlwWYyhY9S4A/aFTOGpHaiGmGVeHuMBZR4JVY/Op5zC07K/9:Yw+asqN5aW/hLrGp6iG76uMduwOo
Static task: static1
Behavioral task: behavioral1
Sample: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Emails: Daniel22key@aol.com, Daniel22key@cock.li
Targets
Target: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc.exe
Size: 92KB
MD5: c8436825a0549e82d500d7b5751c271f
SHA1: 5eee3cc7bba61c9ecf2bfc4c88a5f7370d378ea0
SHA256: f608858af270c6b6956146e6c3ce0bc737916646e442784d5fb9c543c7ed09bc
SHA512: fe071ce3dd907d0d85271549b1f85b1136bc3de0e2e2a1fc2e420aaae2cb321de8a9ed46eb8f40a233007f802960e80878cb65f2e24df85e0d379de9ecf48c7a
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4A/aFTOGpHaiGmGVeHuMBZR4JVY/Op5zC07K/:Qw+asqN5aW/hLrGp6iG76uMduwO
Score: 10/10
Signatures:
- Dharma: Dharma is ransomware that uses security software installation to hide malicious activities.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
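As an added example (not part of the sandbox report and not the sandbox's own code), the script below maps sandbox-style events onto the behaviour signatures listed above: a ransom note written to the per-user Startup folder, a Run key write, a read of the configured country code, and mass renames that append a new extension, with the note's contact addresses cross-checked against the addresses embedded in the new file names. All events, the note body and the helper names are constructed for the example; the `.id-<hex>.[<email>].<ext>` file-name scheme is the commonly reported Dharma pattern and the `HKCU\Control Panel\International\Geo` key is the usual location of the country code, neither of which this report itself shows, so both are assumptions.

```python
"""Check sandbox-style events for the Dharma behaviours listed in the report.

Every input below is CONSTRUCTED for this example and modelled on the
report's signatures; none of it is copied from sandbox output.
"""
import re
from collections import Counter

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Commonly reported Dharma naming scheme (assumption; the report only says extensions change):
#   <original name>.id-<8 hex>.[<contact email>].<new extension>
ENC_NAME_RE = re.compile(r"\.id-[0-9A-Fa-f]{8}\.\[(?P<mail>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$")
STARTUP_DIR = "\\start menu\\programs\\startup\\"             # per-user autostart folder
RUN_KEY_SUFFIX = "\\microsoft\\windows\\currentversion\\run"  # Run key persistence
GEO_KEY_SUFFIX = "\\control panel\\international\\geo"        # holds the 'Nation' code (assumption)

# Constructed ransom-note body; the report names only the file and the two addresses.
NOTE_TEXT = """<html><body>
All your files have been encrypted!
To restore them write to: Daniel22key@aol.com
If no answer in 24h write to: Daniel22key@cock.li
</body></html>"""

# Constructed file-write events.
FILE_WRITES = [
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta",
    r"C:\Windows\System32\Info.hta",
    r"C:\Users\Admin\Documents\desktop.ini",
]

# Constructed registry events: (operation, key, value name, data).
REG_EVENTS = [
    ("write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "sample",
     r"C:\Windows\System32\sample.exe"),
    ("read", r"HKCU\Control Panel\International\Geo", "Nation", None),
]

# Constructed rename events: (old path, new path). The last one is a benign rename.
RENAMES = [
    (r"C:\Users\Admin\Documents\report.docx",
     r"C:\Users\Admin\Documents\report.docx.id-1A2B3C4D.[Daniel22key@aol.com].locked"),
    (r"C:\Users\Admin\Pictures\holiday.jpg",
     r"C:\Users\Admin\Pictures\holiday.jpg.id-1A2B3C4D.[Daniel22key@aol.com].locked"),
    (r"C:\Users\Admin\Desktop\notes.txt",
     r"C:\Users\Admin\Desktop\notes.txt.id-1A2B3C4D.[Daniel22key@aol.com].locked"),
    (r"C:\Users\Admin\AppData\Local\Temp\upd.tmp", r"C:\Users\Admin\AppData\Local\Temp\upd.txt"),
]


def extract_contacts(note_text):
    """Distinct e-mail addresses in the note, in order of first appearance."""
    seen = []
    for addr in EMAIL_RE.findall(note_text):
        if addr not in seen:
            seen.append(addr)
    return seen


def startup_drops(file_writes):
    """Paths written into a Start Menu\\Programs\\Startup folder (run at every logon)."""
    return [p for p in file_writes if STARTUP_DIR in p.lower()]


def run_key_writes(reg_events):
    """Values written under a ...\\CurrentVersion\\Run key."""
    return [(key, name, data) for op, key, name, data in reg_events
            if op == "write" and key.lower().endswith(RUN_KEY_SUFFIX)]


def reads_country_code(reg_events):
    """True if the sample read the configured country code (geofence check)."""
    return any(op == "read" and key.lower().endswith(GEO_KEY_SUFFIX)
               for op, key, _name, _data in reg_events)


def encrypted_renames(renames):
    """Count renames that append the id-<hex>.[email].<ext> suffix, keyed by (email, ext)."""
    hits = Counter()
    for old, new in renames:
        m = ENC_NAME_RE.search(new)
        if m and new.startswith(old):
            hits[(m["mail"], m["ext"])] += 1
    return hits


def triage(note_text, file_writes, reg_events, renames, min_renames=3):
    """Map the observed events onto the report's signature names."""
    contacts = extract_contacts(note_text)
    findings = {}
    if startup_drops(file_writes):
        findings["Drops startup file"] = startup_drops(file_writes)
    if run_key_writes(reg_events):
        findings["Adds Run key to start application"] = run_key_writes(reg_events)
    if reads_country_code(reg_events):
        findings["Checks computer location settings"] = True
    enc = encrypted_renames(renames)
    if sum(enc.values()) >= min_renames:
        findings["Modifies extensions of user files"] = dict(enc)
    # Addresses embedded in file names that the note does not mention deserve a second look.
    unlisted = sorted({mail for mail, _ in enc if mail not in contacts})
    return {"contacts": contacts, "findings": findings, "unlisted_contacts": unlisted}


if __name__ == "__main__":
    for name, value in triage(NOTE_TEXT, FILE_WRITES, REG_EVENTS, RENAMES).items():
        print(name, "->", value)
```

The `min_renames` threshold keeps a single renamed file from triggering the extension signature; on a real run the event lists would be fed from the sandbox's file, registry and rename logs instead of the constructed lists above.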