Extracted

• • Target

    ea6ee7a35e964b84c59eba34384ea9dd6aa1e951a2d9424f5991b364a7d685bf.bin.sample

  • Size

    3.3MB

  • MD5

    088d3ae9987d71943bb9fe8ade03d531

  • SHA1

    3655abd5bf714276b6b2e8a46cf81c7331fa773e

  • SHA256

    ea6ee7a35e964b84c59eba34384ea9dd6aa1e951a2d9424f5991b364a7d685bf

  • SHA512

    522a2622df3d58a8b7e5e8b2cf1eb9869bc418b0c78928c50039d30adaa4bc8594104672480d613f99b10ff4bad58bc0ecd0fbe9d1d95526baed49ab2138a471

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2