thanos | Archive 2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Archive 2.zip
Size

1.1MB
MD5

8a28ff9a7824a4b446720e405b80acf6
SHA1

6a6d05680726ea4edfe7e1b32cb312308ff4c9e3
SHA256

2481bcb7380b038e84a6052a3cc42fab8e791cf1dffaefe783398a843af68c22
SHA512

5a33f2eb6b861cab43a9eb39bc6ae7cb8b4a888b6ccdb8f4927c2dc49b23222bcfd90d2e861f53377fab97939b2d879e52bf1d63af440203dc1a7617c9398ef4

Score

10^/10

thanos

Malware Config

Signatures

Contains code to disable Windows Defender 3 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
static1/unpack001/79323434542bf442218be77d3982e167e118dc9954ce9ea1726db42bcac4d249.bin.sample	disable_win_def
static1/unpack001/b739791dd0b159c6c5c7a9f9b2f8ea7fc0c0c43c55561f94128e0863ac890424.bin.sample	disable_win_def
static1/unpack001/d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample	disable_win_def

Thanos executable 3 IoCs

Processes:

resource	yara_rule
static1/unpack001/79323434542bf442218be77d3982e167e118dc9954ce9ea1726db42bcac4d249.bin.sample	family_thanos_ransomware
static1/unpack001/b739791dd0b159c6c5c7a9f9b2f8ea7fc0c0c43c55561f94128e0863ac890424.bin.sample	family_thanos_ransomware
static1/unpack001/d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample	family_thanos_ransomware

Thanos family
thanos

Files

Archive 2.zip
.zip
0033c6e1db4b59f95b5261ecef244981e068c765f32616b26e23eddf99986454.bin.sample
.exe windows x86
02665fcf9c0ddfb2cd3e04d254f60c5a4453947f7c3df5480316a040c0c8686f.bin.sample
.exe windows x86
1c4b55fefcd78623a6724bb6c7779d0ef02ac20a6069cb9dbd91d753386606bb.bin.sample
.exe windows x86
48be948c3345e8c8b10c612a88eeee6bd1bf8af076092cf88268a268e889e698.bin.sample
.exe windows x86
714f630043670cdab4475971a255d836a1366e417cd0b60053bf026551d62409.bin.sample
.exe windows x86
79323434542bf442218be77d3982e167e118dc9954ce9ea1726db42bcac4d249.bin.sample
.exe windows x86
__MACOSX/._0033c6e1db4b59f95b5261ecef244981e068c765f32616b26e23eddf99986454.bin.sample
__MACOSX/._02665fcf9c0ddfb2cd3e04d254f60c5a4453947f7c3df5480316a040c0c8686f.bin.sample
__MACOSX/._1c4b55fefcd78623a6724bb6c7779d0ef02ac20a6069cb9dbd91d753386606bb.bin.sample
__MACOSX/._48be948c3345e8c8b10c612a88eeee6bd1bf8af076092cf88268a268e889e698.bin.sample
__MACOSX/._714f630043670cdab4475971a255d836a1366e417cd0b60053bf026551d62409.bin.sample
__MACOSX/._79323434542bf442218be77d3982e167e118dc9954ce9ea1726db42bcac4d249.bin.sample
__MACOSX/._aa3e530d4567c1511126029fac0562ba8aa4ead0a01aceea169ade3e38a37ea7.bin.sample
__MACOSX/._b6f774f46949d54a060dabf2d7d08eef9fd390091f419ce1a2b555bcd58b2d32.bin.sample
__MACOSX/._b739791dd0b159c6c5c7a9f9b2f8ea7fc0c0c43c55561f94128e0863ac890424.bin.sample
__MACOSX/._d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample
__MACOSX/._e1c46a96effc5df063cea2fae83306ae1f0e2f898b0d2ada86c48052be5fe8d3.bin.sample
aa3e530d4567c1511126029fac0562ba8aa4ead0a01aceea169ade3e38a37ea7.bin.sample
.exe windows x86
b6f774f46949d54a060dabf2d7d08eef9fd390091f419ce1a2b555bcd58b2d32.bin.sample
.exe windows x86
b739791dd0b159c6c5c7a9f9b2f8ea7fc0c0c43c55561f94128e0863ac890424.bin.sample
.exe windows x64
d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample
.exe windows x86
e1c46a96effc5df063cea2fae83306ae1f0e2f898b0d2ada86c48052be5fe8d3.bin.sample
.exe windows x86