Extracted

• • Target

    400743b945a4341559734ca144be4a96d325b9cb76169a5c43e82b21d3c59278

  • Size

    3.4MB

  • MD5

    748281385a89ef70a5edfd92524d4352

  • SHA1

    133e478af4b36359f51e3d4e5de58401fb8ec179

  • SHA256

    400743b945a4341559734ca144be4a96d325b9cb76169a5c43e82b21d3c59278

  • SHA512

    9086f75237f1acfa6dc62243af54bf888d9c69ed9f53d91f2af25c229499279e25691cf4c58e5b03d0feb74618719fd94411d8bc78e81bb4daa0a0d853befcba

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2