Extracted

Extracted

• • Target

    windows_x64_encrypt.dll

  • Size

    601KB

  • MD5

    5a22a872d458c1dcb66cc2506d57afb7

  • SHA1

    5dbdd31a29f702b317d7907a69a42e7d21a5b32e

  • SHA256

    940f22327b5693b1246187f49e87e0ebbd01454033029c7aa6eab15a0ae85fa9

  • SHA512

    6ffe0696aff39449e110811c2f862f835cbd51e46942b9a9cef987e4d24ac9d9efdc9a32102d76df433b423004c8d194e6d23e5369f109449917b0b55ade9845

  • SSDEEP

    12288:O4jAC6F/0doKJcT/L/DcQVV03YKHLbdOrqoeOQB8eA2wmuKE6bxmdemEll6/vTF+:O4jF05/XPnEbynuLEhAoFci4HksWld9E

  Score

  10^/10

  hiveevasionransomwarespywarestealer

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes System State backups

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1