Resubmissions

07-07-2024 19:27

240707-x6hb4ayhre 10

07-07-2024 19:21

240707-x21ymsyhna 10

07-07-2024 19:18

240707-x1a1tsxaqr 4

General

  • Target

    https://github.com/Endermanch/MalwareDatabase

  • Sample

    240707-x6hb4ayhre

Malware Config

Targets

    • Dharma

      Dharma is a ransomware that uses security software installation to hide malicious activities.

    • InfinityLock Ransomware

      Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (677) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.