Extracted

• • Target

    6a0449a0b92dc1b17da219492487de824e86a25284f21e6e3af056fe3f4c4ec0.elf

  • Size

    2.2MB

  • MD5

    c41d9625ccd175647ffa10484ab2556d

  • SHA1

    77d7614156607b68265b122fb35a1d408625cb96

  • SHA256

    6a0449a0b92dc1b17da219492487de824e86a25284f21e6e3af056fe3f4c4ec0

  • SHA512

    7036bbdd7079b560abcfe3aac1b5951571c318708d48fea340e82185e351c3853091900b31ef0d790ca3309943318620e00f9567440693e89a259b56fc09c9b2

  • SSDEEP

    49152:kOAAzrb/TYvO90dL3BmAFd4A64nsfJiTZxwuXf9nTCqw0Xfgg778laMex5D1:k1Dw+b3+

  Score

  10^/10

  hiveransomware

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Deletes itself

  • Reads CPU attributes

  • Enumerates kernel/hardware configuration

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information

    Reads data from /proc virtual filesystem.

  behavioral1