Extracted

• • Target

    87967600b0f6026f97093416dcd7ec38f740adaf84757255c179180873b41177

  • Size

    3.8MB

  • MD5

    32bd8e6843879a761e6fa9436a90bb66

  • SHA1

    26dde522d6f3f87ac982495028494c7f50799696

  • SHA256

    87967600b0f6026f97093416dcd7ec38f740adaf84757255c179180873b41177

  • SHA512

    c7e437c61980385ce57fe2a0dc0988aeba4609ac1ac7b7c07951c10c6bc38772c7ad1442571ab6409c8ea04991844e7ad95b5a9b35e31996f7aad9db4020716f

  Score

  10^/10

  evasionransomwarespywarestealertrojanhive

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2