Extracted

• • Target

    a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154

  • Size

    62KB

  • MD5

    131a20e9f579bc9f7dd9832b4c5f25bd

  • SHA1

    83979db718962e3a0b45e5f70320fe5b4f009b7c

  • SHA256

    a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154

  • SHA512

    92e83892f635efb13d6f268ccab884b2079451a82a1e53a8482c632e126b14d3453c5ab17463d55b4cd2341d6b44034eb523867258932a9cd47deba435494f1c

  Score

  10^/10

  hakbitransomwarespywarestealer

  • Hakbit

    Ransomware which encrypts files using AES, first seen in November 2019.

    ransomwarehakbit

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2