Static task: static1

Behavioral task: behavioral1
Sample: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe
Resource: win10v20210410
General
Target: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
Size: 416KB
MD5: 21fa6ebdd397f14bbb68a4e3d012467e
SHA1: 0ecff2f818565e7eb28d3a7b7d295459a868e920
SHA256: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
SHA512: 368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66
Malware Config
Signatures
Contains code to disable Windows Defender (1 IoCs)
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource yara_rule sample disable_win_def
Files
81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe windows x86