Extracted

• • Target

    a235bb61d1eb9f2f39767b844c28086a4582e58afdca4678d309395f28a65a5b.bin.sample

  • Size

    3.5MB

  • MD5

    851a6706bd679387f197f552dae896bc

  • SHA1

    ee7d2cf647ee85becd133146b4f600f2fa6965e8

  • SHA256

    a235bb61d1eb9f2f39767b844c28086a4582e58afdca4678d309395f28a65a5b

  • SHA512

    ba586db7ec4cc3bf89f2e2ad037f1a36e139f55e125087a3840331bb7d47105cffb2d4e46b154fde07007f0e7b8be202fa76f0eca7636409f3c47484bd081a1e

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2