dharma | 79b8c026d2e90a16b4a585f38be231828bc9d52255948d4a7d9248bb25e882d1 | Triage

Sharing

General

Target

79b8c026d2e90a16b4a585f38be231828bc9d52255948d4a7d9248bb25e882d1
Size

428KB
Sample

230129-v4xynaff34
MD5

5cd725ccdd4a940bc19c9bcd69768798
SHA1

cb5c0c4ed17bc9dd83c85777ecb2f37ec060c50d
SHA256

79b8c026d2e90a16b4a585f38be231828bc9d52255948d4a7d9248bb25e882d1
SHA512

3ac834a0b1e9d9693e5e598c8132d1e33594415be90ee6ba321144c4128bedbfefd0420926729d5e8469ee616ed986b03f8a1c822704ff9537fe17ce7cfa4605
SSDEEP

6144:U9nXFNky+V6KJZ5IP9zHX00YXoOzlVTnHHZVaAG72I+rpuTPoeSyaY9B:UlXFNky+V6KPOVQ9LzTHZV4axaPogVL

Score

10^/10

dharma persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  79b8c026d2e90a16b4a585f38be231828bc9d52255948d4a7d9248bb25e882d1
- Size
  
  428KB
- MD5
  
  5cd725ccdd4a940bc19c9bcd69768798
- SHA1
  
  cb5c0c4ed17bc9dd83c85777ecb2f37ec060c50d
- SHA256
  
  79b8c026d2e90a16b4a585f38be231828bc9d52255948d4a7d9248bb25e882d1
- SHA512
  
  3ac834a0b1e9d9693e5e598c8132d1e33594415be90ee6ba321144c4128bedbfefd0420926729d5e8469ee616ed986b03f8a1c822704ff9537fe17ce7cfa4605
- SSDEEP
  
  6144:U9nXFNky+V6KJZ5IP9zHX00YXoOzlVTnHHZVaAG72I+rpuTPoeSyaY9B:UlXFNky+V6KPOVQ9LzTHZV4axaPogVL
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomwarespywarestealer