Extracted

• • Target

    20a2250d93226c25246b32f6dabbe7a876c60843e487c8e7aed76dd0aba23042

  • Size

    3.3MB

  • MD5

    0ab044581b75da84b0e929590638095e

  • SHA1

    1e907df240eadb3d27d145d50da9025d524728fd

  • SHA256

    20a2250d93226c25246b32f6dabbe7a876c60843e487c8e7aed76dd0aba23042

  • SHA512

    168120b07437e3e6664128f0e23f6792b714d3ffa41131f7027099c0a5bd2dc0b538dd53fedb4cfadbcb9ea07ebae75c67b0e8bd2c6054aa991a3bdf8e42dbb7

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2