Extracted

• • Target

    dora.exe

  • Size

    49KB

  • MD5

    17356ef8f161730156c221300ea3cf5b

  • SHA1

    25a05bd0a9a4167b7fd08feb44de269910701c82

  • SHA256

    18ba97ec9c00b85d27d9d20c62ef7bd9484ad68a33e2a2121a1bcbed19f2eacd

  • SHA512

    df964b7aac2dbbaf7a04e935dbb566e1207b0d11971f28bba9c0c136adeff475bec31c92e54be7d4da786f70d9cb339ff37e6a8f9196ceb16ab185cc956912cf

  • SSDEEP

    768:daQRff0B31aCytHLykiKPT3JATD2qBwV2ckjbnsb0Ah99De0YADQT4J74:daD318HxZATvnsblYOJ

  Score

  10^/10

  defense_evasionexecutionimpactransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (8278) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Blocklisted process makes network request

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2