Extracted

• • Target

    559440f61d38495c433fea442a58b4831422d52a04da1ef7f8e43b17a736a8fd

  • Size

    10.0MB

  • MD5

    c8f1a1134ac0ccacb849b819e0435e11

  • SHA1

    ca4941cba333018c484418a42d7e2e3a6d2a380e

  • SHA256

    559440f61d38495c433fea442a58b4831422d52a04da1ef7f8e43b17a736a8fd

  • SHA512

    db570e14148c36db6eb8de41c48f65472ef83e18fa0804e39fd1e9b484f3d55240a447451c6d9b7149e58c4d714d91ddb4696c196e8008d8e3d4e31375a4504f

  Score

  10^/10

  demonwarepyinstallerransomwarespywarestealer

  • DemonWare

    Ransomware first seen in mid-2020.

    ransomwaredemonware

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops file in System32 directory

  behavioral1behavioral2