General
-
Target
25f621faa29e7814e8c6d75d3e7fc3f65877d81b5dafb397526b26dcd8d3594d.7z
-
Size
850KB
-
Sample
220112-vhrvhsdcf4
-
MD5
dac63ef04cec54faad1ba48ea8073985
-
SHA1
5d1b89b037ee4eb6469cc235788f4420dfe4055d
-
SHA256
2d1272eb42b05f4f960c48969edfeb8ae7674e817e06596f7f6567dc2f2ae80a
-
SHA512
a49d1b6035196f0a9a9f38d514aa51dd03a2716db2a698990c3d95c3c57dc2c771421d48c893142f216f2203c939aa0d3de3126f2f00e28b715daaab5f92448b
Malware Config
Extracted
C:\MyEY_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
-
-
Target
25f621faa29e7814e8c6d75d3e7fc3f65877d81b5dafb397526b26dcd8d3594d
-
Size
2.7MB
-
MD5
583ce06f5812bbb83e7388b58e7498f5
-
SHA1
9e8dafdfea6b79dc3f13b582529caa451f5a6355
-
SHA256
25f621faa29e7814e8c6d75d3e7fc3f65877d81b5dafb397526b26dcd8d3594d
-
SHA512
2db707dbd5137b58f9178de1e963e5a7c13196c2c656c39c9e7d31d70cd28759f46e4b5c2e109f6f44d6fbd07a1bf09c6a720b32e1a2695ecf9fa51b7182f6ce
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Hive
A ransomware written in Golang first seen in June 2021.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Clears Windows event logs
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-