Extracted

Extracted

• • Target

    2c487a43ae6091d64f09bcfb1baa8b43fb502e9c9fc34f828cebfe251d9ad1f5.bin

  • Size

    92KB

  • MD5

    c8ebe6f4b11dbc59aade73500887c200

  • SHA1

    ab1750df17d1a2ccc992833550eacac199e47a7d

  • SHA256

    2c487a43ae6091d64f09bcfb1baa8b43fb502e9c9fc34f828cebfe251d9ad1f5

  • SHA512

    687e0ed5d0f777ff77ee36f341f176cdd25136e82e5d79a0b4f20c19d375841c62adf7dfe9c0742b874d8cc7f12ad2487040761095a2c513c0c0ed6b0e72fe30

  Score

  10^/10

  ransomwarepersistencespywaredharma

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Modifies service

    persistence
  behavioral1behavioral2