Extracted

• • Target

    6aabb6846532b8f7e33637deefd50689ba30193ee72d2742a6c94e8563efff35

  • Size

    535KB

  • MD5

    d7192628b80363c70246a0fe2f8b18f7

  • SHA1

    8b849968bafb4507ff655f4360d3167c0279edf7

  • SHA256

    6aabb6846532b8f7e33637deefd50689ba30193ee72d2742a6c94e8563efff35

  • SHA512

    c76b01a9b7c5c023a9ba676b540edbac4fb0bb3f84cb39e10b7b75f530ecdbefa68ae87b0895d0b3207833563f92af458e0e95dc9bce56d3371978e224259de6

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2