Extracted

• • Target

    de6717de7bd1daa595c0b00887c25f05

  • Size

    8.3MB

  • MD5

    de6717de7bd1daa595c0b00887c25f05

  • SHA1

    f70cc94796e6f89499a3958d7fd2001e50a984f0

  • SHA256

    95cfd76bfea8839d2c545cc10d1c94131868471d51ccb8a4525058f591f92b44

  • SHA512

    eca079d83bd0c0e57e64479dcaf4437c0029a13e1506d117a6f4a139439e4dfacc2b5271822d8b1fc08219bebee9f2c788284290f74aca3d0ac77184e804303b

  Score

  10^/10

  demonwareransomwarespywarestealer

  • DemonWare

    Ransomware first seen in mid-2020.

    ransomwaredemonware

  • Drops file in Drivers directory

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops file in System32 directory

  behavioral1behavioral2