Extracted

• • Target

    0a5ba8d248080666c7ea5bd9c325452fad055a00e194989a34bd816c26a62328.exe

  • Size

    612KB

  • MD5

    412ce7c1f8dd5dcfafb5c3af08297c65

  • SHA1

    fd98960ab8e7bfe92fc566237be4bc433332c3f3

  • SHA256

    0a5ba8d248080666c7ea5bd9c325452fad055a00e194989a34bd816c26a62328

  • SHA512

    10e654df43c193ae7786848093967092b0f7fc1bf61ef55e2edf77347acc029ee8dcce9c64a64922f846bcea0b33307e6dabd54ba196f0f2f027a88f3e213748

  • SSDEEP

    12288:/lTMgGurXwc8Xq1m3fdjQU+v4PN/CnBMj5qJwhq92hyuZCZh06H4FCd:/lTMgBrXwc8Xq1Cfdj/PN/IWyuZ+h

  Score

  10^/10

  ransomwarespywarestealer

  • Renames multiple (7784) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2