General
Target: 40450fa3237ce2a72d863a74b4ef89df8266253a0b287adeff6de28cee17ae5f.bin.sample.gz
Size: 67KB
Sample: 231105-hl48ssbh4z
MD5: 41d556706e28caf195a2e49a8d1769e2
SHA1: 94161896107641a93112111506d536faf697b64c
SHA256: 638339cde34aaed18ffdf6b90efe84b2d6cb53b48edd627de98e6a9ca139b00e
SHA512: 9716d21f256155223d0a42647a7bf26f7b527740d08cb97de0dba0ae67417a9139c3c7704dff0cf4cde75f66f19dca10ed1441ab440fb0d5008b693938d22e64
SSDEEP: 1536:UPHBPC328x1YbbI23lwSrfZPhUb347/BM+bGAmtb7GbdpLvGr:OPC32wYz3lwSTBhwI7y+iAmtk96
Static task: static1
Behavioral task: behavioral1 (Sample: sample.exe; Resource: win7-20231025-en)
Behavioral task: behavioral2 (Sample: sample.exe; Resource: win10v2004-20231023-en)
Malware Config
Targets
Target: sample
Size: 92KB
MD5: f545b712775a137be79e634c0848c55d
SHA1: 48706bdc83eac3d036b668f2b08199c53270c10f
SHA256: 40450fa3237ce2a72d863a74b4ef89df8266253a0b287adeff6de28cee17ae5f
SHA512: d5381665e5d3f1c471f2028d5556219480c0ff55c3884d00b36e86897d01e81894aa65d455c187a3eec6de35f3e7d3cc9c54dfd82eb626e4574ba47d20604de9
SSDEEP: 1536:mBwl+KXpsqN5vlwWYyhY9S4AF9TrjvfsoiZUb347/BM+bGAmtb7GDunvuuE0Arx:Qw+asqN5aW/hLNnEowwI7y+iAmtAuOr
Score: 10/10
Signatures
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
Renames multiple (310) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Renames multiple (461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in System32 directory