Extracted

• • Target

    b3984a2de76eee3ad20c4b13e0c0cbbab2dd6db65e3f6ca34418e79c21cf5c39.exe

  • Size

    92KB

  • MD5

    b178705190001fcb012000eed9ba33d2

  • SHA1

    db6d85f58ad3e6ebb62d92be1dbe7741023a1e7b

  • SHA256

    b3984a2de76eee3ad20c4b13e0c0cbbab2dd6db65e3f6ca34418e79c21cf5c39

  • SHA512

    b099931aececa1f2468140da13bf8defa9075f812919acc7d9f36d8c2e5d201f2282d02238a4b77dd6c70001c3583dd0581e84bfa2bccc6add13f48c4ec28306

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4A25CONwm4+SCuIlzbU4l5c4Ci/6:Qw+asqN5aW/hLSNwi/xY4lu4Ci

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2