General
-
Target
16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1.7z
-
Size
874KB
-
Sample
220112-x5zvradgek
-
MD5
45de841542f53d40ee6da66e0af6b227
-
SHA1
540eb9995a9ba40823a2e249f4eb515e901538f9
-
SHA256
d435a055b77b9cfa3281fe7219bb5b276cc685ba2f306c33a6cfe180ab232434
-
SHA512
9c7a0d94cb0741bc739a571056006680de06366b44419a1666e417a62593798589472c43cf6355f7ce235878c73e0e06b61393934870182e05da575f9e50a512
Malware Config
Extracted
C:\JZRG_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
-
-
Target
16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1
-
Size
2.7MB
-
MD5
8486072a80d4cef5b18407ffa74a965d
-
SHA1
b3bbdd7d990092b8545c04bf6cea5572c1d1cb4c
-
SHA256
16d0c9651cae4ca2641f9e875be9f7b39737292eede7a7870b6081922f40b4b1
-
SHA512
dea0bc47c7b3b178e128d2349ede55d7c13cd5884ce49a178668b9e0a527f2f415eef432a5523c8c129436e37d8a7f424ce0dbebf95b89e22a9d7a1c15c083e5
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Hive
A ransomware written in Golang first seen in June 2021.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Clears Windows event logs
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-