Extracted

• • Target

    New Folder/4payload.exe

  • Size

    92KB

  • MD5

    63bbecf45b1ab3ef7279437196e8efc8

  • SHA1

    0d5c27e2cd011575272f44c183d2b08d2fe605f8

  • SHA256

    03a60420fa66565c694430d37b6fdcaf779f3d0ac4ccf2e7aa255297ed3384df

  • SHA512

    47c41f80cadd1182729ec8d0ab8d20a7138e2320a7673eb8bd562cd82684cfd01bb28e34638d72288a50dafdcfa9118cbf55d2f08ee31041ce7f554fd26ae526

  Score

  1^/10
  behavioral1behavioral2

• • Target

    New Folder/Info.hta

  • Size

    2KB

  • MD5

    0f1db7de9cd11e125f1729eb29e36992

  • SHA1

    01ea623dc152c6d62d4cf0bde07948b000c8f694

  • SHA256

    9f5c0e9e60f854578ff66aad4ef06e231f01d96c2c11fe4d770579d5229ac5d6

  • SHA512

    3bbb67f7779bed5145138137d1f186babc44ef78c76d0f91b400d45cff90819c5c268bdd4267d2b4bf2167e21c9b815b7481034db6c77eb1b6a8894ae04dc5f8

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral3behavioral4