Extracted

• • Target

    cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52

  • Size

    2.5MB

  • MD5

    9c156aff00fc0ac66ed918d000041932

  • SHA1

    f2fc2bade3f0447ff68bf2c00dadcce1a966b4a0

  • SHA256

    cd1f5c8ec7be164ae3d70ca50c118e9a270996f9f20c51ede383a96d849c9c52

  • SHA512

    43834c400a1a4fb83db8c16332345c86b1e568d45944b31721e9098f00dfe3be731d0661c02e103a4179cf8f35771d842d4dfa36aefd1a60f6577448f2600b02

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2