General

  • Target

    windows.exe

  • Size

    895KB

  • Sample

    210825-2hefm7n3g2

  • MD5

    b2592698fc88a45536dbd47245848f8a

  • SHA1

    d50fa8f346224f5ca40ffabcb7d4fda8bcf2be15

  • SHA256

    b0508de411dec856dbf88c5f2dc4255c656a8388f00debc3eaa5d952d66ef3b7

  • SHA512

    7eee9d918ee7d3b484b868f9fe50d2b2160136825f69f9c62985480686efd4d75f60683ea7f23912189b7cf7d5c03629c5f248318980243396b6d71965489d1a
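Before detonating or sharing a copy of this sample, confirm that the file on disk is the one the report describes. The following is an added example, not code from the report or the sandbox: it streams a file through all four hash functions listed above in a single pass and reports which digests disagree with the recorded values. The expected digests are the ones printed in this report; the file path and the constructed stand-in bytes in `demo()` are assumptions for illustration.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

# The four digests of windows.exe exactly as recorded in this report.
REPORTED: Dict[str, str] = {
    "md5": "b2592698fc88a45536dbd47245848f8a",
    "sha1": "d50fa8f346224f5ca40ffabcb7d4fda8bcf2be15",
    "sha256": "b0508de411dec856dbf88c5f2dc4255c656a8388f00debc3eaa5d952d66ef3b7",
    "sha512": "7eee9d918ee7d3b484b868f9fe50d2b2160136825f69f9c62985480686efd4d75f"
              "60683ea7f23912189b7cf7d5c03629c5f248318980243396b6d71965489d1a",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest named in REPORTED for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hash functions at once, so a large
    sample is read from disk only one time."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: Dict[str, str],
            expected: Dict[str, str] = REPORTED) -> List[str]:
    """Return the names of the digests that do not match the report.
    An empty list means every recorded digest agrees with the file."""
    return [name for name, want in expected.items()
            if actual.get(name, "").lower() != want.lower()]


def verify_file(path: str, expected: Dict[str, str] = REPORTED) -> List[str]:
    """Hash a file on disk and list the digests that disagree with the report."""
    return compare(digest_file(path), expected)


def demo() -> List[str]:
    """Write a constructed stand-in file (assumption: NOT the real sample)
    and verify it against the report. Because the bytes are made up, every
    digest is expected to mismatch; a genuine copy would return []."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed stand-in, not windows.exe\n" * 1000)
        path = tmp.name
    try:
        return verify_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Usage against a real copy (path is an assumption):
    #   python verify.py  ->  prints the mismatching digests, or "match"
    mismatches = demo()
    print("match" if not mismatches else "mismatch: " + ", ".join(mismatches))
```

Checking all four digests rather than only MD5 matters here: MD5 and SHA-1 collisions are practical, so a match on SHA-256 and SHA-512 is what actually establishes that the file is the reported sample.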

Malware Config

Targets

    • Target

      windows.exe (895KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    • Hive

      Ransomware written in Go, first seen in June 2021.

    • Modifies Installed Components in the registry

      Writes under the Active Setup "Installed Components" key, a location commonly used for persistence.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

      The sample removes its own executable after running, which hinders later recovery of the dropper from the host.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

MITRE ATT&CK Enterprise v6

Tasks