Extracted

• • Target

    aa78798172e873d88f42bf8bb5853aecfb74a3bf8980540f6be66f800bf1f153

  • Size

    1.8MB

  • MD5

    0c18bc83e838deec24af20d139b411d7

  • SHA1

    00e5e0e05a18bd01498f247145ae591a654e07f4

  • SHA256

    aa78798172e873d88f42bf8bb5853aecfb74a3bf8980540f6be66f800bf1f153

  • SHA512

    1d12ac5b2d4917c77964ad9464a334d9340d708e15c1a0ef467b95e1766ed96a9d5927e529d690c580917d6b776c9d9fedcce772f667188645d714b8445a25c7

  Score

  10^/10

  hiveransomwarespywarestealer

  • Detects Rust x86 variant of Hive Ransomware

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2