Extracted

• • Target

    winhost.exe

  • Size

    92KB

  • MD5

    127bebd839df1d611946f8f780b65900

  • SHA1

    9a13099be8d705f1092539423edec6c773b464e5

  • SHA256

    3ed05c9b2bec17e067eae1a52f65d2e06232e77c754d0608d39408482a38ff9f

  • SHA512

    6978bda069b05bcee630be6f0d139edd598172726e943ff26bf1f1356ba6bc7a7c332328da9dd9c46e9a2cfb467fa545490a561b8f1f040d15abf4fe0cdcc5dc

  Score

  10^/10

  dharmapersistenceransomwarespywarestealerxmrigminer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2