General
-
Target
Hive_ransomware.zip
-
Size
2.3MB
-
Sample
210825-tk4vhhwc2j
-
MD5
653cd61ec57908e5a3d459078b2f1cac
-
SHA1
fdb3926d2e905d9c6403077a0fd3ca378f50f1a7
-
SHA256
496631c22a23bb9abb9229850cfbaa9c7fcc6c2a96d3803c0e5612d384ba7519
-
SHA512
abfe1f6bad17c0831f4f2c26b8a8ff7e7d365113ac71d9c93d11b9fe6af8cea164a0947e6e4d4a97b197930a9e5b401296555f42c563a850b008a44dd34669aa
Malware Config
Targets
-
-
Target
1e21c8e27a97de1796ca47a9613477cf7aec335a783469c5ca3a09d4f07db0ff
-
Size
763KB
-
MD5
eb45ff7ea2ccdcceb2e7e14f9cc01397
-
SHA1
2f3273e5b6739b844fe33f7310476afb971956dd
-
SHA256
1e21c8e27a97de1796ca47a9613477cf7aec335a783469c5ca3a09d4f07db0ff
-
SHA512
6bf3f85d6781beff8037c1ac5058ade7556cf649db65ec7ac4900b010abe1844a2d4e3054d15951ea02d10e92a85bc6efa766fb8902d0ac6ce07a928d67f4961
Score10/10-
Hive
A ransomware written in Golang first seen in June 2021.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
-
-
Target
a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749
-
Size
808KB
-
MD5
504bd1695de326bc533fde29b8a69319
-
SHA1
67f0c8d81aefcfc5943b31d695972194ac15e9f2
-
SHA256
a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749
-
SHA512
18c5b28bafb13edf47f6a2b803d9d9a914945f037b266a765f2a324842c5ef04ebda27eba31851d2d63e00779a42900e0edfe4ad5bd817eb4f43fa4d4e3a4767
Score10/10-
Hive
A ransomware written in Golang first seen in June 2021.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops file in Drivers directory
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
-
-
Target
fdbc66ebe7af710e15946e1541e2e81ddfd62aa3b35339288a9a244fb56a74cf
-
Size
808KB
-
MD5
8240d60d83cb7c0248e64389855e29b4
-
SHA1
3b40dbdc418d2d5de5f552a054a32bfbac18c5cc
-
SHA256
fdbc66ebe7af710e15946e1541e2e81ddfd62aa3b35339288a9a244fb56a74cf
-
SHA512
c7b9bd58c12a9b0d0b3d7b0984d2ac7295bf5417477df96a6c788a19f3e623f1e4cd7ffd5f94e2ca56795d1d01fb0e754b5ea99c556e724b7ecfbbc774ba3cee
Score10/10-
Hive
A ransomware written in Golang first seen in June 2021.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops file in Drivers directory
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-