General
- Target: 038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6
- Size: 92KB
- Sample: 200911-cppdy37nne
- MD5: 88f7e8884d0a2aea195a67aa89c089c9
- SHA1: 3271ef30b4463debab5563c49a79f7b9cfa4988f
- SHA256: 038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6
- SHA512: 83248136deb6602c0d305d93bacdfaec6727d0a3c0469d169ec13443bb5799d9d9b061b1748c6a3db1ac55809ef37df9ed25f1344b89e0a32645c5489f807a3d
Static task
- static1
Behavioral tasks
- behavioral1: Sample 038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6.exe; Resource win7v200722
- behavioral2: Sample 038e577d25d5b9237fbbef6080f53f462b01e75f83449bf0020ef0b14f371ac6.exe; Resource win10
Malware Config
- Extracted from C:\Users\Admin\Desktop\FILES ENCRYPTED.txt: xmmh@tutanota.com, xmmh@tutamail.com
- Extracted from C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta: xmmh@tutanota.com, xmmh@tutamail.com
Targets
- Score: 10/10
- Dharma: Dharma is a ransomware that uses security software installation to hide malicious activities.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service