Extracted

Extracted

• • Target

    208a1s0ssssd7da.exe

  • Size

    717KB

  • MD5

    a4c95ee17c345157e1594f77a1b522b3

  • SHA1

    da89ee243a11cc32e5aa02fe6300a4706acf6f3e

  • SHA256

    1bfc4e6537ac20b91b3262894c94d21caa6af39d9dabe31c48f198c26dacdc8a

  • SHA512

    4e455e8bd374ce61a6ff85d5e4f8ee848a29a12228834ba9e8ff8cdb61b2c865d3d8bb42eda50486a83327ae65e6e14a36140467f0b78cb48e56e40b1bae1ad3

  Score

  10^/10

  ransomwarepersistencespyware

  • Modifies Installed Components in the registry

    persistence

  • Registers COM server for autorun

    persistence

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Drops desktop.ini file(s)

  • Enumerates connected drives

  • Modifies service

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2