Extracted

• • Target

    VHO-Trojan-Ransom.Win32.Hive.dc-d7fe04c042782df6be1fb3e38f171631820e43b9472da93af7e5f49b550a2a33.exe

  • Size

    3.3MB

  • MD5

    6c1444d0e1c63881918fdd4d60d54f9d

  • SHA1

    408db71f315ae43204f1a34b6f28c5ac51d5507b

  • SHA256

    d7fe04c042782df6be1fb3e38f171631820e43b9472da93af7e5f49b550a2a33

  • SHA512

    bacf08c9d9c93495f01356589249dba5d5b8588acb7f00eb7d92e784875ef9610e37687ff32233c49f862f5564c6cf1fe0643ea8179a3e1be98eec65485525c1

  • SSDEEP

    49152:uVcQjH6VIOIgQFF3KzfKeSQSqFvVqp/kHzQJqEFH1D1R:uVpjK7xWF34fSQSqFvVqpcfE

  Score

  10^/10

  hivedefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    defense_evasion

  • Disables service(s)

    defense_evasionexecution

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Hive family

    hive

  • Modifies Windows Defender DisableAntiSpyware settings

    evasiontrojan

  • Modifies Windows Defender Real-time Protection settings

    defense_evasiontrojan

  • Modifies security service

    defense_evasion

  • Clears Windows event logs

    defense_evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Modifies Security services

    Modifies the startup behavior of a security service.

    defense_evasion
  behavioral1behavioral2