Dharma Ransomware - IOC


1) Ransomware Name - Dharma

2) Encrypted Extensions -
.dharma
.wallet
.zzzzz

3) Ransom Note File -
README.txt
README.jpg
Info.hta

4) Encryption Algorithm - NA

5) Decryptor Link - https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/


6) Screenshots -


7) Indicators of Compromise -

8) File Details -
MD5 d32e4d8b4238cfcc793ec3b37cc9a875
SHA1 aebeaf2c5175477161021c7123df120edb108b98
SHA256 17b78fc69818c9cd55f67786c9859219adb52a2ef3baf2d781f1b84a05c838fd
ssdeep 3072: 2ejs + doXUI2OFa / I / DIaFP3WXWomCLrK0EXqy + 66: 2eJZmI4VomCaB6m
authentihash a0e7afe88c6f743be0dda6e8efa2e325e92d59eadb8a2fc441c3c7ed1715875a
imphash b4466982c9bbae607de79978a9b9a32e
File size 137.0 KB (140288 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 0acda76da95efac687b852050506d6bd
SHA1 1ffd257dbeca59bcf638927be6c2ac684642b84a
SHA256 3b8f1ead7f3c8390d3925d362c2a497cf9fa7247f308deb2932a7ca139451e5b
ssdeep 3072: Q8Dsp + FNX1dFOvDlXJu1Sr6G7RsvVHkgvMscljp7zZ0Veg6h91XSeWYXbpSvpS0N: Q8dNXSE1Srf1GjUrdzZi6hfLWYX110Lx
authentihash b243b7b67bbe37556a0bbdeb32831f45924ba26aaf0d6bb7bbf1b6329cf7d4bd
imphash e160ef8e55bb9d162da4e266afd9eef3
File size 183.8 KB (188202 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
