Verdacryptor_V4[.]ps1 | Triage

Sharing

General

Target

Verdacryptor_V4.ps1
Size

34KB
MD5

8a4da439e15bcd078c6507a507d801fc
SHA1

1d1162152d90f3a86b6ed9bfdd9f8ce8ffa2341a
SHA256

7b25f7e75897d9eb2443afbe6a834754d3ebfda1be72f047df283b39781ca0c3
SHA512

fbc4281a9c4fe124709298a41e3081b5f1b9c21fcc92c77d444f5fb8c64b6265ea58c003911f099433b09e30d094c705e01cfd3f2624504ce998437736d4f9ea
SSDEEP

384:thz/sIUBSzj5mMEEpi0D04eEMls/11AUfoUHaWPw3+4CFYw5jIyJyXY:QM5mME00xEbrl6Yq+409IrXY

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Files

Verdacryptor_V4.ps1
.ps1