General
-
Target
2023-12-29_43eb2adc4b1d22c5564764ce79e2105d_crysis_dharma
-
Size
92KB
-
Sample
231231-t9g9qaagfl
-
MD5
43eb2adc4b1d22c5564764ce79e2105d
-
SHA1
fcf5c8f18e0392ad814965f940c3f771aea53eab
-
SHA256
398785f9ad7532ad6d378fa0f23a79aff492561afca6adf8a7df13c71a37aec9
-
SHA512
8537af76b3c569f7b4199177413c9410de5f612e4240f05753389e0ed601bfa6477cf9739264bd27d659aecf326488ca8b8eee51976fe37d26441af87d314c74
-
SSDEEP
1536:mBwl+KXpsqN5vlwWYyhY9S4AcFDbjzOx/8di/Laww8NOsC7okPpp3tb1:Qw+asqN5aW/hLKpjzOx/zzaH8UsC9PpB
Malware Config
Targets
-
-
Target
2023-12-29_43eb2adc4b1d22c5564764ce79e2105d_crysis_dharma
-
Size
92KB
-
MD5
43eb2adc4b1d22c5564764ce79e2105d
-
SHA1
fcf5c8f18e0392ad814965f940c3f771aea53eab
-
SHA256
398785f9ad7532ad6d378fa0f23a79aff492561afca6adf8a7df13c71a37aec9
-
SHA512
8537af76b3c569f7b4199177413c9410de5f612e4240f05753389e0ed601bfa6477cf9739264bd27d659aecf326488ca8b8eee51976fe37d26441af87d314c74
-
SSDEEP
1536:mBwl+KXpsqN5vlwWYyhY9S4AcFDbjzOx/8di/Laww8NOsC7okPpp3tb1:Qw+asqN5aW/hLKpjzOx/zzaH8UsC9PpB
Score10/10-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (313) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-