Extracted

Extracted

• • Target

    bug32.exe

  • Size

    92KB

  • MD5

    ba67dd5ab7d6061704f2903573cec303

  • SHA1

    f7ca4a5d4c8d24083b86ff0a5b102ad68e0c9e34

  • SHA256

    6b1f4df924fb0e5067df18dfc5063d409f3bf2ee0d14b381b3f583e0d0da3ae5

  • SHA512

    291ab3acb7e7619243baced30ceed24b65f76a7edc9e2d1eb875ebdf590b3321c40ec1a3d44c109ab6a8a29ad43268780fcdd0448227f8f0c62ba7bbaadc7452

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4AaEsY/ZlZI7teK7FiuiqhxVXf8lvLte23q9AH2:Qw+asqN5aW/hLnsqfcteK7VJAztb3qs

  Score

  10^/10

  dharmacredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Dharma family

    dharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (309) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2