Extracted

Extracted

• • Target

    b565c8e1e81796db13409f37e4bd28877272b5e54ab5c0a3d9b6a024e7f5a039.bin

  • Size

    92KB

  • MD5

    0c4cbf1cb8e5065f8df8c8adc4f80e84

  • SHA1

    fe9fa42f2cd4e261783b14b6cf9a28b51162590d

  • SHA256

    b565c8e1e81796db13409f37e4bd28877272b5e54ab5c0a3d9b6a024e7f5a039

  • SHA512

    c6e5215ae24f65b18235edfa5295c5dca94f4bba7357b74aa376a4f80efb55f1319b7b9a0e8ecca6788b286faf999a3dbc84a6d1c9f165238f721e5fff50e329

  Score

  10^/10

  ransomwarepersistencespywaredharma

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Modifies service

    persistence
  behavioral1behavioral2