Extracted

• • Target

    ffe6e42c82d8c30623ab735ece82b059c8f1da4fd137f248685adc016041c1b6

  • Size

    141KB

  • MD5

    df4dcbc3624d01093ecf5b7cda186d61

  • SHA1

    8d3647b0a618da55dfbc2d1164d049c5c5f034ae

  • SHA256

    ffe6e42c82d8c30623ab735ece82b059c8f1da4fd137f248685adc016041c1b6

  • SHA512

    5951787e108cd46a06cb86ef289b0068e815d4015afa1fe2f213904dcb857264c3608ab45501d9281a078f2c2629f3ab7023421fc36c9977fd88ef3771396301

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2