thanos | 936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd | Triage

Resubmissions

29-10-2021 14:51

211029-r8nn1aacaj 10

23-03-2021 18:12

210323-s8jdk5y98j 10

Sharing

General

Target

936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd
Size

296KB
MD5

6b2c7d5298c7fb8f4c4c3531894a91c1
SHA1

d7333af03603b27566ac8ab63d6aa21575e1ebb4
SHA256

936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd
SHA512

2555a572e9088ce58dce5bcaf1c0fca76727b6a1e1315ec0dbfe588a796faf1d083cb6ff3a6362f7c8075a4f321228c6227db7a3207fa557fff68e9fd4a3e114

Score

10^/10

ransomware thanos

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

sample disable_win_def

Detect the Prometheus's Thanos ransomware using the build ID and the Killproc strings. 1 IoCs

Detect the Prometheus's Thanos ransomware.

Processes:

resource	yara_rule
sample	ransomware_win_thanos

Thanos family
thanos

Files

936a35ca214e9be1438c67a1153c854c28054994ce43f1eed39bb9dc52cb54dd
.exe windows x86