General
Target: acdef64bfc298f59ed5033ff3b8b7e36_crysis_JC.exe
Size: 92KB
Sample: 230827-smfa6sag29
MD5: acdef64bfc298f59ed5033ff3b8b7e36
SHA1: 4db6303b746a796f216f7166f19a05a63e1d654d
SHA256: f0293711a8c78a638c60cd57874b3b5db52701b7b5e3ff32f309d1f2160c48b9
SHA512: 6b12939ab6aa92fcee3b9523aa6bea58bce5dadf5fed94e294fd3e8539cc44860f0be0c86acca15343624367ef71bc1e3c8d7624db2328cd249b796db2fada32
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4A/O3DqNZogLKE+dC9AxJGUFVL:Qw+asqN5aW/hLdO3UZPKJdC9AvfL
Static task: static1
Behavioral task: behavioral1
  Sample: acdef64bfc298f59ed5033ff3b8b7e36_crysis_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: acdef64bfc298f59ed5033ff3b8b7e36_crysis_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted from: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Contact addresses in ransom note: datukraine@tuta.io, datukr@onionmail.org
Targets
Target: acdef64bfc298f59ed5033ff3b8b7e36_crysis_JC.exe
Score: 10/10
Dharma
Dharma is a ransomware family that uses security software installation to hide malicious activities.
Signatures
- Renames multiple (310) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Renames multiple (482) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory