Extracted

• • Target

    IMRML1~1.exe

  • Size

    42KB

  • MD5

    fe21e1480d540be38df0935c0547bd96

  • SHA1

    309ae9f6f193a64d107ef5667355c17587d46832

  • SHA256

    0c49eaabb6a4a0d82a45e26b05251b2a09dd41be1e746e2e77ebc82f0b5f09a2

  • SHA512

    72922e72412d499f89e80db9e38c8f263d0b301b18c886b317aff2aca3099ddb307facb5ba235a362dae4bcef8d448fb78a2903d7a144dfd71e9fd4a0261f22c

  Score

  10^/10

  ransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2