Extracted

• • Target

    12baa6c83e6f8b059e7f14cb67bdad4e917b90bc8a139b5379a4b42a0c92a6be

  • Size

    2.7MB

  • MD5

    feb8f145c403b56d85ef7c662f169428

  • SHA1

    45fbb554666bffa433eed118cd6fcbd069b3fa25

  • SHA256

    12baa6c83e6f8b059e7f14cb67bdad4e917b90bc8a139b5379a4b42a0c92a6be

  • SHA512

    a69260bc132bc17607e48cafcd8278484e0ea4a7ad8d11559560b4589f4016aeae8dce89451735494860f4085098e20de400e4bfd189e7a6f7a61981299bc281

  • SSDEEP

    49152:w+bUJqQ5lrb/T1vO90dL3BmAFd4A64nsfJj3y8pYeTmGS1NDDCqYzPr8bg11Vgjg:nbs5O3y8BTlz0i4JxOww

  Score

  10^/10

  hivedefense_evasionevasionexecutionimpactransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    defense_evasion

  • Disables service(s)

    defense_evasionexecution

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Hive family

    hive

  • Modifies Windows Defender DisableAntiSpyware settings

    evasiontrojan

  • Modifies Windows Defender Real-time Protection settings

    defense_evasiontrojan

  • Modifies security service

    defense_evasion

  • Clears Windows event logs

    defense_evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Modifies Security services

    Modifies the startup behavior of a security service.

    defense_evasion
  behavioral1behavioral2