Extracted

• • Target

    d4685c27c59c0a4cdf73553631692f4219901428ce53b92699770459bfcd0afb

  • Size

    140KB

  • MD5

    8b27c925e572714653a2275bd3e53010

  • SHA1

    d00ebd3241cbc8785bb9360686c7a67745651b6f

  • SHA256

    d4685c27c59c0a4cdf73553631692f4219901428ce53b92699770459bfcd0afb

  • SHA512

    605872bd214a51bed966898a772650b507525e79221e3d75658dbaebd8c570f00ed74551744b48d2dc6b268b69ba87b8859f39aea74fdc1a15fa01a7a308ca00

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2