General
-
Target
2024-02-19_5384c6825a5707241c11d78529dbbfee_hive
-
Size
3.3MB
-
Sample
240219-t3ev1sgb8z
-
MD5
5384c6825a5707241c11d78529dbbfee
-
SHA1
85f5587e8ad534c2e5de0e72450b61ebda93e4fd
-
SHA256
3858e95bcf18c692f8321e3f8380c39684edb90bb622f37911144950602cea21
-
SHA512
856861295efb9c1b0000b369297cf6905a277c2d7dd0bc238f3884cd22598055450bf0459d68441f135bb77150685a86707ea9320a37e10548b40185f09b961f
-
SSDEEP
49152:HJ9mQ5uetkErb/TKvO90dL3BmAFd4A64nsfJ+9NRUMZXuPH9fc0KHPKG/g+eNgiz:HJ9jkl9NbBo9fc0KHYno
Malware Config
Targets
-
-
Target
2024-02-19_5384c6825a5707241c11d78529dbbfee_hive
-
Size
3.3MB
-
MD5
5384c6825a5707241c11d78529dbbfee
-
SHA1
85f5587e8ad534c2e5de0e72450b61ebda93e4fd
-
SHA256
3858e95bcf18c692f8321e3f8380c39684edb90bb622f37911144950602cea21
-
SHA512
856861295efb9c1b0000b369297cf6905a277c2d7dd0bc238f3884cd22598055450bf0459d68441f135bb77150685a86707ea9320a37e10548b40185f09b961f
-
SSDEEP
49152:HJ9mQ5uetkErb/TKvO90dL3BmAFd4A64nsfJ+9NRUMZXuPH9fc0KHPKG/g+eNgiz:HJ9jkl9NbBo9fc0KHYno
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Clears Windows event logs
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-