Extracted

• • Target

    80788b971747ce9edf83195f5b1ba30d951534dcff1772154fa68e38ce799343.exe

  • Size

    3.3MB

  • MD5

    593bd62eceeda58654db4440f104145a

  • SHA1

    b1b91ca760e16a73ed089de05fde9e78fe27416d

  • SHA256

    80788b971747ce9edf83195f5b1ba30d951534dcff1772154fa68e38ce799343

  • SHA512

    cc0d4f57815d0dbce6c59cf05920e93c0fa8340aad8effde3160fde2ddb3eb132d1f6a06d2f40176c7ab16c033312ac34f086f977724a47130f94e6054fc09e6

  • SSDEEP

    49152:uVcQjH6VIOIgQFF3KzfKeSQSqFvVqp/kHzQJqEFH1D1Rc:uVpjK7xWF34fSQSqFvVqpcfEc

  Score

  10^/10

  hivedefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Disables service(s)

    evasionexecution

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Hive family

    hive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Modifies Security services

    Modifies the startup behavior of a security service.

    defense_evasion
  behavioral1behavioral2