Extracted

• • Target

    serenb.exe

  • Size

    3.4MB

  • MD5

    177417be748814f6168171a42545f9dd

  • SHA1

    9c8b988e66e0fe6f9dab69b1055e4ee200531094

  • SHA256

    47dbb2594cd5eb7015ef08b7fb803cd5adc1a1fbe4849dc847c0940f1ccace35

  • SHA512

    c90eebbd4663ffe4bec089e21e4f7c1a1441e21a2f78cc190b9ce85fd048bf46901aa74273695df7b6434887284a26d4fdaaf657cb5d9c5469574158adc351c2

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2