Extracted

• • Target

    bb1b5b72a867a401876a6ad6a9bcc1f4af9f4e4fdb568ef7ce2b812796b48c7a.bin

  • Size

    11KB

  • MD5

    f3d78f15bf85aa14f71979585d310ae7

  • SHA1

    1e73b89abd5e0e0e74291d5ebb4f10574a9ef2e2

  • SHA256

    bb1b5b72a867a401876a6ad6a9bcc1f4af9f4e4fdb568ef7ce2b812796b48c7a

  • SHA512

    ef251e35c6047df225d937b568ded6ad9ee8e72235fac6ce6c04e9287f01aad65c63ada7e65e304ac094029f0a768d2697c3960dde818f7cf0f73cd81283e087

  Score

  10^/10

  persistenceransomwarespyware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2