Extracted

Extracted

• • Target

    4ea468d8b8015903bba0103eec44f772492a93c3d345d81bae253a492d8b1f51

  • Size

    424KB

  • MD5

    627e7f4f2a1e8436da14489e7215b7da

  • SHA1

    d72ecb51d1a6a0f18f0939c37ed06a0b90b50a0e

  • SHA256

    4ea468d8b8015903bba0103eec44f772492a93c3d345d81bae253a492d8b1f51

  • SHA512

    da583a7ff28f0aa65ac360e66717e7b53fe911cdabc592fde03e914b21cb18f703c45f3f59045f32af4f686bec841651849f97ddfd2e4155f1577b12b35f9c97

  Score

  10^/10

  teslacryptpersistenceransomwarespywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2