Extracted

Extracted

• • Target

    hive.bin_exe

  • Size

    764KB

  • MD5

    2f9fc82898d718f2abe99c4a6fa79e69

  • SHA1

    9d336b8911c8ffd7cc809e31d5b53796bb0cc7bb

  • SHA256

    88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1

  • SHA512

    19f0879b1c54d305ab7a97a0d46ab79c103d4687fe37d5f9ef1934904eea48a1c66b1ac2de3dace6dc0d91623309287044c198cb0b3fc9f8453fbc9d1c0cae8b

  • SSDEEP

    12288:CinNFNkY/yU97ppM4NSBG81Np2C9H4S3iDjlLtc4wCIITIQaOI6NrwacVYV+4MsT:CinN3n/y67jM4v4kCSPDjlLtbwt8IQLH

  Score

  10^/10

  hiveransomwarespywarestealerupx

  • Detects Go variant of Hive Ransomware

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1

• • Target

    windows_25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5

  • Size

    884KB

  • MD5

    da13022097518d123a91a3958be326da

  • SHA1

    24a71ab462594d5a159bbf176588af951aba1381

  • SHA256

    25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5

  • SHA512

    a82aa97a92cd21ee2d4b556448fd3293396eb7c01d3626ebdb6c3816277783578686830c430014b6b2fc3280bc1301df27da079937f88834c2d35641eb5fc26f

  • SSDEEP

    12288:Sw41dVZvThPCsM18GLHe7wlDdkPAQEtxr0fflvRmhEBWtdUJiAUtP/T/kAfMvgVt:dod1HDmlDdkZ4YXPpaTTXMw

  Score

  10^/10

  hiveevasionransomwarespywarestealertrojanupx

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral2