dharma

General

Target

241013-j4ss6a1bnn_pw_infected.zip
Size

4KB
Sample

241013-mc9jdawdmp
MD5

354f077f8f8d1ec1f9f6996408dde5dd
SHA1

11ab6eda31020745f43beabe581d67ea9c7c6823
SHA256

83d07e68ea4d6d5a4cc9c927100d0e036e8bc3a7fa592a2bc720864e00e2609a
SHA512

ecb1a47892b6367317480aac404077564315561bdd0d3dcd4a5924b337091bbe79718bfc88313b14b47f02ab60dcc511e9f0f884ee83202241e88248fe599ae4
SSDEEP

48:9NXn0ZYSdXNvF5QYkuS7J3Xw7UkUjzm/nobYaIiQvVN21nSgw8CIWbIOSQUWizAL:PkZY8XH5QYTSJXw4i/33v3ajwf2h8PD

Score

10^/10

Malware Config

Targets

- Target
  
  241013-j4ss6a1bnn_pw_infected.zip
- Size
  
  4KB
- MD5
  
  354f077f8f8d1ec1f9f6996408dde5dd
- SHA1
  
  11ab6eda31020745f43beabe581d67ea9c7c6823
- SHA256
  
  83d07e68ea4d6d5a4cc9c927100d0e036e8bc3a7fa592a2bc720864e00e2609a
- SHA512
  
  ecb1a47892b6367317480aac404077564315561bdd0d3dcd4a5924b337091bbe79718bfc88313b14b47f02ab60dcc511e9f0f884ee83202241e88248fe599ae4
- SSDEEP
  
  48:9NXn0ZYSdXNvF5QYkuS7J3Xw7UkUjzm/nobYaIiQvVN21nSgw8CIWbIOSQUWizAL:PkZY8XH5QYTSJXw4i/33v3ajwf2h8PD
Score

10^/10

defense_evasion discovery evasion persistence privilege_escalation ransomware spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Renames multiple (187) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Software Applications Incorporated
- Size
  
  14KB
- MD5
  
  0094392d535f9b77c3f2c4a890a1eda8
- SHA1
  
  c710a3807254cf7de78890fe95a9bf369272d0af
- SHA256
  
  2884f9f230e488f191a902690969194e3a8df46992dff77d58fd4f87f3772a06
- SHA512
  
  ff07acc6f1958ff9466c6ef3accf3276132b7146928cfa8974118218521f9b146e7e506745d7681415890cd4737e936c18dd68b9d2db717d1fc8f84e2e1f379f
- SSDEEP
  
  192:B80FwQXjU1ucUPp6tEgGldd+bHdHMcNeuvjWuS+lOETUH4NeB:B80joupoDIWU5
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral2
- Target
  
  attachment-2
- Size
  
  12KB
- MD5
  
  356a272154bce7fd997781b61251bf2a
- SHA1
  
  6333c7aeda73a5d964e75dfd60259f3d8defd144
- SHA256
  
  1b1d5d301f64a6b456b1c12da329601c00f8b6ecd538ab40584612b9c0f05c5d
- SHA512
  
  b704688ea4cf0d96abea73f047680012015dc771508102805a2eb267a8de134e13d30f906f8379fa9d6aa7bd637c008fcd7a3c6196ac55a4a1864c75b6acc2ee
- SSDEEP
  
  192:5QXjU1ucUPp6tEgGldd+bHdHMcNeuvjWuS+lOETUH4Nec:SoupoDIWU0
Score

1^/10
behavioral3
- Target
  
  email-html-1.txt
- Size
  
  1KB
- MD5
  
  d20059d90b85457b0c7aff02f3a9c96f
- SHA1
  
  a425655c81499796502513ca34aa9c8efa677f63
- SHA256
  
  835a52f35127669639793bc28cd949e2cddcaf41f860baf44fae54f786608f03
- SHA512
  
  4dbc3dbbe8e14502bc3114eb5f0bd1b306158a5048a7704f4a10f2e9fd3936012f2612d4d85372de738570b9efba2715046ca83685abc9c3a00d764efe42b2c9
Score

10^/10

dharma defense_evasion discovery persistence ransomware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral4