Overview

overview

10

Static

static

3

52b973c029...JC.exe

windows7-x64

10

52b973c029...JC.exe

windows10-1703-x64

10

52b973c029...JC.exe

windows10-2004-x64

10

52b973c029...JC.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    230916-vxxdjsfa22_pw_infected.zip.zip

  • Size

    212KB

  • Sample

    240316-s9jl4sea7x

  • MD5

    5063226e561df8ac092e543ae72030fc

  • SHA1

    2c02f6dcfe30a92c829e373c1cd24f106f6bb20e

  • SHA256

    249bd41de9fc96914e98d104dd50d6e4a8184e6bba932ff394c1fe9d0c0f61dc

  • SHA512

    04afa73d7d67456312dfccabc352af624c8242cf4030b18b3daf87429f96d082a0740db9eab519a307b013336a6adc444c142204b1098e67b2b41f7d3e5d547a

  • SSDEEP

    6144:dnYHmMlUAWt4M48zyliwJA/oIfcm20BbTc:F5MlR3qWlik60m9Tc

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      52b973c029f230ba1049d1438ff7a960exe_JC.exe

    • Size

      440KB

    • MD5

      52b973c029f230ba1049d1438ff7a960

    • SHA1

      c7c8790cd93463fea65921abfb44a5ed81788ab5

    • SHA256

      a8987722e326199edfa57b05912e962115d7e408ece800b53ed84a78d6a195a6

    • SHA512

      7b3b7aff02e7e15c557c618abfd243bb3b6510914aa8b2ea1eef76186c2ef7045a3848cded0b4530c67c113824c5b066fbca18df0f8a09e3e76795947d458605

    • SSDEEP

      6144:LQkAFTZe+DD2/wNvGaNgmQPzSI58KP0Pt8piGijRTGJd9jB:kTFTZFDGwtGigBFeKP0Pt+iGEMTd

    Score
    10/10
    dharmapersistenceransomwarespywarestealer

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

      ransomwaredharma

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Renames multiple (291) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks