hive | 83796fb61255c7604cf96f0c5aec2ac62cbdeb9154289a0340407168d4809720 | Triage

Submit
Reports

Overview

overview

Static

static

8

77a398c870...18.exe

windows7_x64

77a398c870...18.exe

windows10_x64

Sharing

General

Target

4909277047324672.zip
Size

762KB
Sample

210728-qzmb8kv6v6
MD5

676ff333da77a4f6ee28d6e0d04428fb
SHA1

40fdc72eedaab50fb5e4bf7270cc22114c8cfa89
SHA256

83796fb61255c7604cf96f0c5aec2ac62cbdeb9154289a0340407168d4809720
SHA512

cdfd74c56075ea2b273dabfb23d4c3e0532a19aa775d26d08b388a477e3e487499933c444a596f1962b0e67961f731472445f7c241eee4785b0a09205806eba8

Score

10^/10

hive ransomware spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

77a398c870ad4904d06d455c9249e7864ac92dda877e288e5718b3c8d9fc6618.exe

Resource

win7v20210408

hive ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

77a398c870ad4904d06d455c9249e7864ac92dda877e288e5718b3c8d9fc6618.exe

Resource

win10v20210410

hive ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  77a398c870ad4904d06d455c9249e7864ac92dda877e288e5718b3c8d9fc6618
- Size
  
  764KB
- MD5
  
  c3aceb1e2eb3a6a3ec54e32ee620721e
- SHA1
  
  cd8e4372620930876c71ba0a24e2b0e17dcd87c9
- SHA256
  
  77a398c870ad4904d06d455c9249e7864ac92dda877e288e5718b3c8d9fc6618
- SHA512
  
  56435cd4ab809730e8de1b84da775f9a60dff4b809143792c69ba5c8cf10396b4935310ba7caeb513cf9c55dd944ccd0871f1b57fc772ef3da89f570f5abc66e
Score

10^/10

hive ransomware spyware stealer
- Hive
  A ransomware written in Golang first seen in June 2021.
  ransomware hive
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops file in Drivers directory
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

hiveransomwarespywarestealer

behavioral2

hiveransomwarespywarestealer

© 2018-2024

Terms | Privacy