Login Reports Overview overview 10 Static static 8 windows_25...c5.exe windows7-x64 10 windows_25...c5.exe windows10-2004-x64 10 Sharing Copy URL Twitter E-mail General Target windows_25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5 Size 884KB Sample 221223-s4fy2abh3s MD5 da13022097518d123a91a3958be326da SHA1 24a71ab462594d5a159bbf176588af951aba1381 SHA256 25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5 SHA512 a82aa97a92cd21ee2d4b556448fd3293396eb7c01d3626ebdb6c3816277783578686830c430014b6b2fc3280bc1301df27da079937f88834c2d35641eb5fc26f Score 10 /10 hiveevasionransomwarespywarestealertrojanupx Static task static1 upx 1 signatures Behavioral task behavioral1 Sample windows_25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5.exe Resource win7-20221111-en hiveevasionransomwarespywarestealertrojanupx windows7-x64 16 signatures 150 seconds Behavioral task behavioral2 Sample windows_25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5.exe Resource win10v2004-20220812-en hiveevasionransomwarespywarestealertrojanupx windows10-2004-x64 27 signatures 150 seconds Malware Config C:\Program Files\7-Zip\EGdu_HOW_TO_DECRYPT.txt hive http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Targets Target windows_25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5 Size 884KB MD5 da13022097518d123a91a3958be326da SHA1 24a71ab462594d5a159bbf176588af951aba1381 SHA256 25bfec0c3c81ab55cf85a57367c14cc6803a03e2e9b4afd72e7bbca9420fe7c5 SHA512 a82aa97a92cd21ee2d4b556448fd3293396eb7c01d3626ebdb6c3816277783578686830c430014b6b2fc3280bc1301df27da079937f88834c2d35641eb5fc26f Score 10 /10 hiveevasionransomwarespywarestealertrojanupx Deletes Windows Defender Definitions Uses mpcmdrun utility to delete all AV definitions. evasion Hive A ransomware written in Golang first seen in June 2021. ransomwarehive Modifies Windows Defender Real-time Protection settings evasiontrojan Modifies security service evasion Process spawned unexpected child process This typically indicates the parent process was compromised via an exploit or macro. Clears Windows event logs evasionransomware Deletes shadow copies Ransomware often targets backup files to inhibit system recovery. ransomware Modifies extensions of user files Ransomware generally changes the extension on encrypted files. ransomware UPX packed file Detects executables packed with UPX/modified UPX open source packer. upx Reads user/profile data of web browsers Infostealers often target stored browser data, which can include saved credentials etc. spywarestealer behavioral1behavioral2 MITRE ATT&CK Matrix Collection Data from Local System Command and Control Credential Access Credentials in Files Defense Evasion Indicator Removal on Host Disabling Security Tools File Deletion Modify Registry Discovery Query Registry Remote System Discovery System Information Discovery Peripheral Device Discovery Execution Command-Line Interface Exfiltration Impact Inhibit System Recovery Initial Access Lateral Movement Persistence Modify Existing Service Privilege Escalation Tasks upx Score 8 /10 hive evasion ransomware spyware stealer trojan upx Score 10 /10 hive evasion ransomware spyware stealer trojan upx Score 10 /10 © 2018-2022 Terms | Privacy