Extracted

• • Target

    0e82ce1034e6276c8426dd2663d97b56abd439095198eb457021e0b17e1515af

  • Size

    92KB

  • MD5

    e656866b71cafc3cb4c43d0447d74216

  • SHA1

    8cebc9df06dd2bb493197a0a82dc6eb48cb68811

  • SHA256

    0e82ce1034e6276c8426dd2663d97b56abd439095198eb457021e0b17e1515af

  • SHA512

    a7b3fc13f9b437370332701b5217f45d2d987ebf418434e6fb9a4f2c3cba970f4680ee72a5dddf16a3953ab5711400e753298f1074be36e08e36b7f35f7fb35a

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2