General
Target: 624fc9dbcf5f1c92ee34202ce1ecad6f139b816d471531b6ea062da798652020
Size: 271KB
Sample: 221125-lxkv3shb24
MD5: c52198dd4ec25b0eea665e6e0a8d4dd7
SHA1: 2ead1a996c1a63be93e91587103320bca38561ae
SHA256: 624fc9dbcf5f1c92ee34202ce1ecad6f139b816d471531b6ea062da798652020
SHA512: 3a6426a5e42723cb9c0153d8893e8f23694868d9905fe7945dfa245ec6e879770abf30fb5a3767a9c457627a80a90f3bd8d7c1cc65a127c42e61517d9e201d1f
SSDEEP: 6144:z9os9pGaytIcctkrCOEKc9YBsq0tm/6zf5PYF+AHW4p+fBry+aVze2U:z9os9pGaQI76GhKcysfQSzRPYcAHt+uk
Static task: static1
Behavioral task: behavioral1
  Sample: 624fc9dbcf5f1c92ee34202ce1ecad6f139b816d471531b6ea062da798652020.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 624fc9dbcf5f1c92ee34202ce1ecad6f139b816d471531b6ea062da798652020.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
pexdatax@gmail.com
https://tox.chat/download.html
http://pexdatax.com/
Targets
Target: 624fc9dbcf5f1c92ee34202ce1ecad6f139b816d471531b6ea062da798652020
Size: 271KB
MD5: c52198dd4ec25b0eea665e6e0a8d4dd7
SHA1: 2ead1a996c1a63be93e91587103320bca38561ae
SHA256: 624fc9dbcf5f1c92ee34202ce1ecad6f139b816d471531b6ea062da798652020
SHA512: 3a6426a5e42723cb9c0153d8893e8f23694868d9905fe7945dfa245ec6e879770abf30fb5a3767a9c457627a80a90f3bd8d7c1cc65a127c42e61517d9e201d1f
SSDEEP: 6144:z9os9pGaytIcctkrCOEKc9YBsq0tm/6zf5PYF+AHW4p+fBry+aVze2U:z9os9pGaQI76GhKcysfQSzRPYcAHt+uk
Score: 10/10
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in System32 directory