Extracted

• • Target

    56c72444a610c757a3ff81d991681a51c42e5e839dbaeaf15887f075cde83747

  • Size

    3.5MB

  • MD5

    d63d3afed4c1975a7e31906e0e163305

  • SHA1

    b3f4e45ef92c5ec76bfdaeb3a19071db65ddd7c0

  • SHA256

    56c72444a610c757a3ff81d991681a51c42e5e839dbaeaf15887f075cde83747

  • SHA512

    3c92f0cb5e63620919d7ab412741396fb0f65558a621c4328a69a33ada732f80d03548d3cd88734cd4bc038a7b7c240ecfe61a1f56ead387f04c700fe7d6c1be

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2