Extracted

• • Target

    962ba4343c39b0c121f91e6cd68b3554fc3f47f4e2b3cbeb54906167ac0d8cdb

  • Size

    92KB

  • MD5

    5de0739811be42c9dcad2e1816f4dbb9

  • SHA1

    a153a47592efbdb276d5d9c8b9bd28c9ec04105b

  • SHA256

    962ba4343c39b0c121f91e6cd68b3554fc3f47f4e2b3cbeb54906167ac0d8cdb

  • SHA512

    6840cbd51e380499c4fb70648ab6cdd5b844d59ca4fd527fee7bf88db089ff906d5509229b7028e0458a4c39d1e9ba67021e05f4c2fdbcac12c8236369cb1413

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2