Extracted

• • Target

    195441de009c9ce6d469e8b150a5f5cbe3a91cef7cdbeca7d7dfb11205af6074

  • Size

    121KB

  • MD5

    ab63a7a89035d0d5239ae04b4c4199a7

  • SHA1

    6393431048f88dc34cd87bd5ef0926de72c8f196

  • SHA256

    195441de009c9ce6d469e8b150a5f5cbe3a91cef7cdbeca7d7dfb11205af6074

  • SHA512

    b00f9e68792b5428866e7c04fdfce2d789face0e62877421f3c6967e009eae947dab67ab73a842f1d73e2c4aaf9234b4e7b2f2198027c40df916ce86665c0cf0

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2