Extracted

• • Target

    1fb6c6be88080f6a91c33616a9aa4c839dbc1062a904eeacd9fd379a22962498.exe

  • Size

    3.9MB

  • MD5

    d52f9839ed53321c1fb460bfddb441a4

  • SHA1

    5431d1867669609fc408012f1881a972ad280fad

  • SHA256

    1fb6c6be88080f6a91c33616a9aa4c839dbc1062a904eeacd9fd379a22962498

  • SHA512

    7fe9adf88e2ce8b0b450864ef2a914452220238ef5d9fa996b8fd70b90fcb1fb1c988a6e35e1a67ae529218dc91c2407269915768b5e7536c1b9b0574d4ae217

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2