Extracted

• • Target

    7987a020052048ad0ec8855c08df2f47c89922f.exe

  • Size

    4.0MB

  • MD5

    b9e6c1b99a3ea13196a7245d87c1743a

  • SHA1

    7987a020052048ad0ec8855c08df2f47c89922f5

  • SHA256

    eba2f0afd491ee595cd6908494e9e2a2115ed71c053c6d7b94970f1985830ada

  • SHA512

    5ea96c8de41f3f3c219044f8b331f10cbdc79e65c331828625885706dabd17ddb2ce52dc14510397214ba901268cb2f55177da61b9f257a91a42e31e1fa22579

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2