Extracted

Extracted

• • Target

    payload.exe

  • Size

    92KB

  • MD5

    23225afa88a61b262ee6bfe8a0b0b9bb

  • SHA1

    a360d8a90f35299dd37232ed9a1b7ac284e06e32

  • SHA256

    a49742e72ca26d37e26962ba7f2d929b87ddb6ce07f3304f78e9af499b226281

  • SHA512

    470898ca49f36928625d34878b9362193fa4a1051ef4a0e001dc325f71700d22366d66f781290930a9dcbc75d33b939e676342e7be5d95ee5c5bbefe9c92bf6d

  Score

  10^/10

  ransomwarepersistencespywaredharma

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Modifies service

    persistence
  behavioral1behavioral2