thanos | OfficeActivator[.]exe

General

Target

OfficeActivator.exe
Size

87KB
MD5

1b4e57be75e855e54e84f55874782d4b
SHA1

f5f17bae63faad537233bb38647940bda7340b2c
SHA256

8441f92e8460a7b2ed37ee96affe547a65589b2e8e980a18a6b08b786b48465d
SHA512

076245019b439583d4a45e46e6c836a2724270aba0a6e1b04e20c4157bdb32533045ee118c22a013e6f7127f1d34eb8b82738156dd152dae7c4ef9da1cf39da9
SSDEEP

1536:LcW4lAJGGnzjoih/NDh/NDuk+XkGAK/hztXcag+PlbBfkWIyvZrw281r5XsmCZEq:4WNGszjoih/NDh/NDuk+XkGAK/hztXcE

Score

10^/10

thanos

Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

sample disable_win_def

resource	yara_rule
sample	disable_win_def

Thanos executable 1 IoCs

Processes:

resource	yara_rule
sample	family_thanos_ransomware

Thanos family
thanos
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

OfficeActivator.exe

resource
OfficeActivator.exe