General
Target: 7719e02e7e9dd9_JC.exe
Size: 92KB
Sample: 230716-t3tzyage61
MD5: 7719e02e7e9dd9df20d43cbac958b6c7
SHA1: 58c047d3e971c35bbe3639bdf72c0c628b5d5583
SHA256: 55a8e885381df93dbb7ea53a4b2c0c72d38fa26b477945fb0afd8b8873ce0189
SHA512: a0c09044e1fff9ed8fbc2211b819913465f86187a96d4d695cf48767ef6cf64f65d3f38f31e79f59daf7f43eff1bf2ead8b60293e3c158723063c6c4819032ee
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4AgIc8dl9W8olfymEF/cE5:Qw+asqN5aW/hLpXLUyms0M
Static task: static1
Behavioral task: behavioral1 (sample 7719e02e7e9dd9_JC.exe, resource win7-20230712-en)
Behavioral task: behavioral2 (sample 7719e02e7e9dd9_JC.exe, resource win10v2004-20230703-en)
Malware Config
Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Contact e-mail addresses in the note: bakutomono@tuta.io, kabukimono@msgsafe.io
Targets
Target: 7719e02e7e9dd9_JC.exe
Score: 10/10
Dharma
Dharma (also tracked as CrySIS) is a ransomware family; some of its distribution campaigns bundled the payload with a legitimate security software installer so that the installer's activity masked the encryption. The Info.hta ransom note dropped into the Startup folder and the two contact addresses in the Malware Config section are consistent with this family.
- Renames multiple files with added filename extension (312 and 402 files in the two behavioral tasks). Mass renaming of this kind is the sandbox's indicator that files across the system are being encrypted.
- Drops startup file (Info.hta in the user's Startup folder, see Malware Config)
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
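The persistence and mass-rename behaviours listed above can be checked offline on a copied or mounted user profile. The Python script below is an added example written for this page; it is not part of the sandbox report or of the Dharma sample. It takes the two contact e-mail addresses and the Startup-folder drop path from the report above. The `.id-<victim id>.[<e-mail>].<ext>` file-naming pattern is an assumption drawn from the Dharma family's well-known convention, not from anything printed on this page, and the profile it builds in a temporary directory is constructed test data. The count-based mass-rename check (many files sharing one new trailing extension) generalizes the page's two "renames multiple files" counts and works regardless of naming scheme.

```python
"""Offline triage for the Dharma indicators in the report above.

Added example for this page, not code from the sandbox or the sample.
It checks a copied or mounted user profile for:
  * an .hta ransom note in the Startup folder (the Malware Config drop path),
  * file names carrying one of the extracted contact e-mail addresses,
  * a bulk rename in which many files gained the same new trailing extension
    (a generic form of the "renames multiple files" signature).
"""
import json
import re
import tempfile
from collections import Counter
from pathlib import Path

# Contact addresses extracted from Info.hta in the report above.
EXTRACTED_EMAILS = {"bakutomono@tuta.io", "kabukimono@msgsafe.io"}

# Relative drop path of the ransom note, taken from the Malware Config section.
STARTUP_SUBDIR = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")

# ASSUMPTION: the Dharma/CrySIS family renames encrypted files to
#   <original name>.id-<8 hex victim id>.[<contact e-mail>].<ext>
# The report only says "added filename extension"; this pattern is the
# family's well-known convention, not something shown on the page.
DHARMA_NAME_RE = re.compile(
    r"^(?P<orig>.+?)\.id-(?P<vid>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]{1,8})$"
)


def classify_name(filename):
    """Parse a Dharma-style file name; return its parts or None if it does not match."""
    m = DHARMA_NAME_RE.match(filename)
    if not m:
        return None
    parts = m.groupdict()
    parts["known_contact"] = parts["email"].lower() in EXTRACTED_EMAILS
    return parts


def find_mass_rename(filenames, threshold=50):
    """Return {extension: count} for trailing extensions shared by >= threshold files.

    This mirrors the sandbox's count-based signature and does not depend on
    the Dharma naming scheme, so it also flags other families' bulk renames.
    """
    counts = Counter(Path(n).suffix.lower() for n in filenames if Path(n).suffix)
    return {ext: n for ext, n in counts.items() if n >= threshold}


def find_ransom_notes(profile_root):
    """List .hta files in the Startup folder, where the report shows Info.hta dropped."""
    startup = Path(profile_root) / STARTUP_SUBDIR
    if not startup.is_dir():
        return []
    return sorted(p.name for p in startup.iterdir() if p.suffix.lower() == ".hta")


def triage_profile(profile_root, threshold=50):
    """Run all three checks over a profile directory and return a summary dict."""
    names = [p.name for p in Path(profile_root).rglob("*") if p.is_file()]
    dharma = [c for c in (classify_name(n) for n in names) if c]
    return {
        "ransom_notes": find_ransom_notes(profile_root),
        "dharma_named_files": len(dharma),
        "contact_emails_seen": sorted({c["email"].lower() for c in dharma}),
        "known_contact_hits": sum(1 for c in dharma if c["known_contact"]),
        "mass_rename": find_mass_rename(names, threshold),
    }


def build_sample_profile(root, n_encrypted=60):
    """Constructed test data: a fake profile mimicking the post-infection state."""
    root = Path(root)
    (root / STARTUP_SUBDIR).mkdir(parents=True, exist_ok=True)
    (root / STARTUP_SUBDIR / "Info.hta").write_text("<html>constructed note</html>")
    docs = root / "Documents"
    docs.mkdir(exist_ok=True)
    for i in range(n_encrypted):
        (docs / f"report{i}.docx.id-1A2B3C4D.[bakutomono@tuta.io].ABCD").write_bytes(b"\0")
    (docs / "untouched.txt").write_text("plain")
    return root


def run_demo():
    """Build the constructed profile in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        return triage_profile(tmp)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Point `triage_profile()` at a real profile copy (for example an exported `C:\Users\<name>` tree) to get the same summary on an actual incident; the threshold of 50 is arbitrary and should be tuned to the profile size, since a handful of legitimately renamed files must not trip it.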