Extracted

• • Target

    58e5387a57aa7a6feeeee884d9e908c73de48412b0036f1f4ea1b9570ce69c2a.sample

  • Size

    216KB

  • MD5

    1dfc1cf679e362a6ba6d0f3f7a92ba7e

  • SHA1

    2af4065eba0bd676c101e6d0ef2271e2a6865a68

  • SHA256

    58e5387a57aa7a6feeeee884d9e908c73de48412b0036f1f4ea1b9570ce69c2a

  • SHA512

    8786dd703b31ed761a2ba0431fb7a42f81c762ebe58918050c73596d3715f1c72d4cc6700edee8406bd1ba563a8c67eb5a1d1d50f8d1f2045a37a2ff62aff605

  Score

  10^/10

  dmalockerpersistenceransomware

  • DMA Locker

    Ransomware family with some advanced features, like encryption of unmapped network shares.

    ransomwaredmalocker

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2