General
-
Target
fc28a355483acd3c0e81891822e81e9989d45b4d9bc8a33096d92c3a227b92de.7z
-
Size
851KB
-
Sample
220112-xva4msdgbn
-
MD5
60efbad6c94c2267bf0ab5feb7ba65bd
-
SHA1
29877d048012ef2df60410f15f22cafbd968e3e6
-
SHA256
fc9d898ab0ecfb3d018440ba67cbfc5c6858a1fe98a74bc8615f143882a91a42
-
SHA512
9b5845bc053ed21022cb2c0a9539149ab490bd0c0021fc8a5c3d3cd0c2eb4f96accaf330604cc460b44cd0c122b4907a73eebf5c4eb0c79e0aded4466ca99cfb
Malware Config
Extracted
C:\Program Files\7-Zip\4a7Z_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
-
-
Target
fc28a355483acd3c0e81891822e81e9989d45b4d9bc8a33096d92c3a227b92de
-
Size
2.7MB
-
MD5
524065ad3f33adcf7784f997d1089af4
-
SHA1
754e4389ce52c20629154313a8f19251b05f7e75
-
SHA256
fc28a355483acd3c0e81891822e81e9989d45b4d9bc8a33096d92c3a227b92de
-
SHA512
87e52e975aafcb2256f8fb9aa10afbd78f70cdf0ccb399573087bc88044e289ac87678fcce34e29eb5af847ba910d29e3d5f4f72259ffe5e4e8cfce63b6ee69a
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Hive
A ransomware written in Golang first seen in June 2021.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Clears Windows event logs
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-