Extracted

• • Target

    7da1eedc1d33ae42f326c4ac222a911c5a3bd1e9997b913fc550debf9b53a58c

  • Size

    253KB

  • MD5

    651a44b6585b8f178752dae7a8aeef57

  • SHA1

    2b81118b2ed620d26181a1e97decdb93c47b8ed1

  • SHA256

    7da1eedc1d33ae42f326c4ac222a911c5a3bd1e9997b913fc550debf9b53a58c

  • SHA512

    b6ac1947c4d36c2bdc357ecd4ceed4612046f524978579003d9e9e5ba0e5b95ee48420127020a50ecd6b665095a07b4ac2c116703cb3cdd242dd5ad50f488883

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2