thanos | Archive[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Archive.zip
Size

2.2MB
MD5

66ae3c10e7ba411af4df0b32f9bf5d2b
SHA1

e6c71b31263073528aad067a34b84053ab24bd4d
SHA256

1b8621d6e97ce87a8a5664699d285f417a5a08c40fb658aac9178dc5a6d4826c
SHA512

2dccc0b980a507a07ea08c0612e524c45f41aceb12583e9cee9ee7ddb3278b9908a99c33c87271555771b3c89dedbce4daac27e6285c32426225f3e48138c546

Score

10^/10

thanos

Malware Config

Signatures

Contains code to disable Windows Defender 11 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
static1/unpack001/1e189b1013b6fc1b32514c7ff98962fc49563b9027798e71bc7755a525530514.bin.sample	disable_win_def
static1/unpack001/21dd66ef4b2d0bf877fd6386c3dbc43457f982f5f67eed23c8b7c34234cda448.bin.sample	disable_win_def
static1/unpack001/4fefb51009b09d77ae3300be1f350dd0d301cbaac75b50053dcf1a39673302b7.bin.sample	disable_win_def
static1/unpack001/5026eddb6f757aba5701d674a948372f2436756ee6a72c95228801a782f649cd.bin.sample	disable_win_def
static1/unpack001/50ece411c1c1a69d1c495e7aa6af8e812dfa08dfd987e096ce57707da1054f85.bin.sample	disable_win_def
static1/unpack001/551129c0d4dbeab8bef925857df93715036503429afedac79f5d8d1a1b9fcd5c.bin.sample	disable_win_def
static1/unpack001/58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.bin.sample	disable_win_def
static1/unpack001/5e998fa65c06064bc6207bbfcc92ba0ec86a56b7537064076000cbc24a7878eb.bin.sample	disable_win_def
static1/unpack001/7ea4ed64bd51eb40865c5ede7da7cf980a464db8087d95fec5a83885352c88b2.bin.sample	disable_win_def
static1/unpack001/936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd.bin.sample	disable_win_def
static1/unpack001/a3977fd383059a9833f42178061c0038754a19a76891aed5f38f36cd0300f709.bin.sample	disable_win_def

Thanos executable 10 IoCs

Processes:

resource	yara_rule
static1/unpack001/1e189b1013b6fc1b32514c7ff98962fc49563b9027798e71bc7755a525530514.bin.sample	family_thanos_ransomware
static1/unpack001/21dd66ef4b2d0bf877fd6386c3dbc43457f982f5f67eed23c8b7c34234cda448.bin.sample	family_thanos_ransomware
static1/unpack001/4fefb51009b09d77ae3300be1f350dd0d301cbaac75b50053dcf1a39673302b7.bin.sample	family_thanos_ransomware
static1/unpack001/5026eddb6f757aba5701d674a948372f2436756ee6a72c95228801a782f649cd.bin.sample	family_thanos_ransomware
static1/unpack001/50ece411c1c1a69d1c495e7aa6af8e812dfa08dfd987e096ce57707da1054f85.bin.sample	family_thanos_ransomware
static1/unpack001/551129c0d4dbeab8bef925857df93715036503429afedac79f5d8d1a1b9fcd5c.bin.sample	family_thanos_ransomware
static1/unpack001/58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.bin.sample	family_thanos_ransomware
static1/unpack001/5e998fa65c06064bc6207bbfcc92ba0ec86a56b7537064076000cbc24a7878eb.bin.sample	family_thanos_ransomware
static1/unpack001/7ea4ed64bd51eb40865c5ede7da7cf980a464db8087d95fec5a83885352c88b2.bin.sample	family_thanos_ransomware
static1/unpack001/a3977fd383059a9833f42178061c0038754a19a76891aed5f38f36cd0300f709.bin.sample	family_thanos_ransomware

Thanos family
thanos

Files

Archive.zip
.zip
0361e25d7f958c3e5f76eb62917004939f40c020e2303c97ab8be431199baa6f.bin.sample
.exe windows x86
121c11c4054bce9730e87051eb734241b787ed4b5523db2c1226c29776501717.bin.sample
.exe windows x86
16e6e08c37a95acc32a5f05db98e1dab07d52e3ab4ee415c67c8aaa006e8179d.bin.sample
.exe windows x86
1d4db8733c5f11ee8fca530aeb4a91069de04b1af64cbe1fa3ae2d3572a6e554.bin.sample
.exe windows x86
1e189b1013b6fc1b32514c7ff98962fc49563b9027798e71bc7755a525530514.bin.sample
.exe windows x86
2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample
.exe windows x86
21dd66ef4b2d0bf877fd6386c3dbc43457f982f5f67eed23c8b7c34234cda448.bin.sample
.exe windows x86
2d3d1b83067859ebb118ff1a99ac098806b65f566df094fad9a4debef4da911d.bin.sample
.exe windows x86
47b51b615fe22292caf30a30a4d4057cf57a283a61045190b2a2331b763b6125.bin.sample
.exe windows x86
4fefb51009b09d77ae3300be1f350dd0d301cbaac75b50053dcf1a39673302b7.bin.sample
.exe windows x86
5026eddb6f757aba5701d674a948372f2436756ee6a72c95228801a782f649cd.bin.sample
.exe windows x86
50ece411c1c1a69d1c495e7aa6af8e812dfa08dfd987e096ce57707da1054f85.bin.sample
.exe windows x64
551129c0d4dbeab8bef925857df93715036503429afedac79f5d8d1a1b9fcd5c.bin.sample
.exe windows x86
58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.bin.sample
.exe windows x86
5e088eb0eb669be278eeef2204005e705c88f5a215e985b53dc42b4f9853b4e4.bin.sample
.exe windows x86
5e998fa65c06064bc6207bbfcc92ba0ec86a56b7537064076000cbc24a7878eb.bin.sample
.exe windows x86
5fb35d559259cd85537265346901bb52083090489266608cef0a1c85de214aed.bin.sample
.exe windows x86
64e87f03329a114ee24b45296500e53df884170cbc3e9861261c03ce15d1afac.bin.sample
.exe windows x86
72a4953d71e007465eb75380ac11cef424111ac11ab5a8e691197a561d141756.bin.sample
.exe windows x86
7a6c211484aece911f0e4a80044fcb883ff92caac2822addfe72b84d56323281.bin.sample
.exe windows x86
7ea4ed64bd51eb40865c5ede7da7cf980a464db8087d95fec5a83885352c88b2.bin.sample
.exe windows x86
84f32905916d51dd011e0df8f98cc934b523a03b087cdf6b809659ec03adaf39.bin.sample
.exe windows x86
936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd.bin.sample
.exe windows x86
9bf0633f41d2962ba5e2895ece2ef9fa7b546ada311ca30f330f0d261a7fb184.bin.sample
.exe windows x86
__MACOSX/._0361e25d7f958c3e5f76eb62917004939f40c020e2303c97ab8be431199baa6f.bin.sample
__MACOSX/._121c11c4054bce9730e87051eb734241b787ed4b5523db2c1226c29776501717.bin.sample
__MACOSX/._16e6e08c37a95acc32a5f05db98e1dab07d52e3ab4ee415c67c8aaa006e8179d.bin.sample
__MACOSX/._1d4db8733c5f11ee8fca530aeb4a91069de04b1af64cbe1fa3ae2d3572a6e554.bin.sample
__MACOSX/._1e189b1013b6fc1b32514c7ff98962fc49563b9027798e71bc7755a525530514.bin.sample
__MACOSX/._2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample
__MACOSX/._21dd66ef4b2d0bf877fd6386c3dbc43457f982f5f67eed23c8b7c34234cda448.bin.sample
__MACOSX/._2d3d1b83067859ebb118ff1a99ac098806b65f566df094fad9a4debef4da911d.bin.sample
__MACOSX/._47b51b615fe22292caf30a30a4d4057cf57a283a61045190b2a2331b763b6125.bin.sample
__MACOSX/._4fefb51009b09d77ae3300be1f350dd0d301cbaac75b50053dcf1a39673302b7.bin.sample
__MACOSX/._5026eddb6f757aba5701d674a948372f2436756ee6a72c95228801a782f649cd.bin.sample
__MACOSX/._50ece411c1c1a69d1c495e7aa6af8e812dfa08dfd987e096ce57707da1054f85.bin.sample
__MACOSX/._551129c0d4dbeab8bef925857df93715036503429afedac79f5d8d1a1b9fcd5c.bin.sample
__MACOSX/._58bfb9fa8889550d13f42473956dc2a7ec4f3abb18fd3faeaa38089d513c171f.bin.sample
__MACOSX/._5e088eb0eb669be278eeef2204005e705c88f5a215e985b53dc42b4f9853b4e4.bin.sample
__MACOSX/._5e998fa65c06064bc6207bbfcc92ba0ec86a56b7537064076000cbc24a7878eb.bin.sample
__MACOSX/._5fb35d559259cd85537265346901bb52083090489266608cef0a1c85de214aed.bin.sample
__MACOSX/._64e87f03329a114ee24b45296500e53df884170cbc3e9861261c03ce15d1afac.bin.sample
__MACOSX/._72a4953d71e007465eb75380ac11cef424111ac11ab5a8e691197a561d141756.bin.sample
__MACOSX/._7a6c211484aece911f0e4a80044fcb883ff92caac2822addfe72b84d56323281.bin.sample
__MACOSX/._7ea4ed64bd51eb40865c5ede7da7cf980a464db8087d95fec5a83885352c88b2.bin.sample
__MACOSX/._84f32905916d51dd011e0df8f98cc934b523a03b087cdf6b809659ec03adaf39.bin.sample
__MACOSX/._936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd.bin.sample
__MACOSX/._9bf0633f41d2962ba5e2895ece2ef9fa7b546ada311ca30f330f0d261a7fb184.bin.sample
__MACOSX/._a3226832258f2a163c198feb56f39d9b24c1c1dd1a6422765524605154d124e8.bin.sample
__MACOSX/._a3977fd383059a9833f42178061c0038754a19a76891aed5f38f36cd0300f709.bin.sample
__MACOSX/._a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154.bin.sample
__MACOSX/._ad6b792c1e886156cd81586205a81aa92b9f256bd57cbcc527d194ae3f1b53d0.bin.sample
__MACOSX/._cb95eea8480812122734dc639636c414308411b1da60ed2b59017561579c669b.bin.sample
__MACOSX/._e01613395db5fe07f2021adad07a3b5348c9657fe579ecec7d3b5d4ac25764d3.bin.sample
__MACOSX/._e15f9169021b5e11381547d57a952b98e06f6366161d56083ff9be69fc43e9bf.bin.sample
__MACOSX/._e5211ef62f023a71cd5aa493f788198c2b97d6f79854f6e5f399893430e5ad0e.bin.sample
a3226832258f2a163c198feb56f39d9b24c1c1dd1a6422765524605154d124e8.bin.sample
.exe windows x86
a3977fd383059a9833f42178061c0038754a19a76891aed5f38f36cd0300f709.bin.sample
.exe windows x86
a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154.bin.sample
.exe windows x86
ad6b792c1e886156cd81586205a81aa92b9f256bd57cbcc527d194ae3f1b53d0.bin.sample
.exe windows x86
cb95eea8480812122734dc639636c414308411b1da60ed2b59017561579c669b.bin.sample
.exe windows x86
e01613395db5fe07f2021adad07a3b5348c9657fe579ecec7d3b5d4ac25764d3.bin.sample
.exe windows x86
e15f9169021b5e11381547d57a952b98e06f6366161d56083ff9be69fc43e9bf.bin.sample
.exe windows x86
e5211ef62f023a71cd5aa493f788198c2b97d6f79854f6e5f399893430e5ad0e.bin.sample
.exe windows x86