dharma | 5671112c276673ee5c4630994ac0034927cee2aa05a32ca6950edbc80c56e7e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

VirusShare...d2.exe

windows7-x64

VirusShare...d2.exe

windows10-2004-x64

Resubmissions

12-05-2023 13:34

230512-qvjbpadc48 10

08-05-2023 17:48

230508-wdvw2sdf6v 10

Sharing

General

Target

VirusShare_5c36e305d926e55ef98d392176890cd2
Size

1.0MB
Sample

230508-wdvw2sdf6v
MD5

5c36e305d926e55ef98d392176890cd2
SHA1

64a15cdf89b6c8b85cba355b6944074614d810fd
SHA256

5671112c276673ee5c4630994ac0034927cee2aa05a32ca6950edbc80c56e7e8
SHA512

082855fadbe445ab1f582bb7773276c08bded82ecd00ae1651b620aa12e97315d01acea3cfbe99c504d6d74ce1cff471a4993ff8ebb93416df787cefa88baf1b
SSDEEP

24576:EoZZV7Uqi5inyhZQDkUzVDZJ2vH53GaJR38:HOqigyDQDZVq52wM

Score

10^/10

dharma discovery evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VirusShare_5c36e305d926e55ef98d392176890cd2.exe

Resource

win7-20230220-en

dharma discovery evasion ransomware

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

VirusShare_5c36e305d926e55ef98d392176890cd2.exe

Resource

win10v2004-20230220-en

dharma discovery evasion ransomware

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  VirusShare_5c36e305d926e55ef98d392176890cd2
- Size
  
  1.0MB
- MD5
  
  5c36e305d926e55ef98d392176890cd2
- SHA1
  
  64a15cdf89b6c8b85cba355b6944074614d810fd
- SHA256
  
  5671112c276673ee5c4630994ac0034927cee2aa05a32ca6950edbc80c56e7e8
- SHA512
  
  082855fadbe445ab1f582bb7773276c08bded82ecd00ae1651b620aa12e97315d01acea3cfbe99c504d6d74ce1cff471a4993ff8ebb93416df787cefa88baf1b
- SSDEEP
  
  24576:EoZZV7Uqi5inyhZQDkUzVDZJ2vH53GaJR38:HOqigyDQDZVq52wM
Score

10^/10

dharma discovery evasion ransomware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Disables taskbar notifications via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Drops startup file
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Indicator Removal on Host

File Deletion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmadiscoveryevasionransomware

behavioral2

dharmadiscoveryevasionransomware

© 2018-2024

Terms | Privacy