Extracted

• • Target

    9797a79f00fe9d147bf3a649a54019e9c3763ea1a90d9015774439f9cd5e971c

  • Size

    2.7MB

  • MD5

    9be36e26502078b2ce42beb735e96673

  • SHA1

    d972bec085901c3257a3df2ef02e9555c57d9b9a

  • SHA256

    9797a79f00fe9d147bf3a649a54019e9c3763ea1a90d9015774439f9cd5e971c

  • SHA512

    7ad070596f29d7e10adfc271a1c2ae1dab9aefd08c3788834135a4bbdce456d0980dd8b5c47aef14968eb9cc68a992cc94ba3c0c12aac4ff476804e9943817df

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2