Extracted

• • Target

    c81917d8fe42d7d84686c3caedbb911d2d5dcbd2d1e0fec64b66b3301cad5a15

  • Size

    2.6MB

  • MD5

    e83823a144ac36854d9c007508c07e0a

  • SHA1

    4a9fa6364b55f85dca3ab6862a2fd73b67191098

  • SHA256

    c81917d8fe42d7d84686c3caedbb911d2d5dcbd2d1e0fec64b66b3301cad5a15

  • SHA512

    6bc9e7f553991c1a17eb842f00d4f6562f7a2b6df41d5fc8818aae02258b09f23d180a30b3b036e0161b1f810cfb3683b95d22c90d7552ada0444478af430d07

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2