Extracted

• • Target

    edf2a5884966065ed47411a82df4c2b41bbbd217ea568be99ab72f6c10f4c050

  • Size

    2.6MB

  • MD5

    6a998dc6f975da2f4e88849b03b34b13

  • SHA1

    56f7fea05977ed3a4b1b6fed4713a56008669e4b

  • SHA256

    edf2a5884966065ed47411a82df4c2b41bbbd217ea568be99ab72f6c10f4c050

  • SHA512

    8c4ade656335d3f9ca575bfb615f8cb36107bf5cbd5c47070e97a2818953062619d06dd03a911d5f4e176709273580e1d2370da6ff5cdb555ac42e1ed09a468b

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2