Analysis
-
max time kernel
46s -
max time network
54s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240418-en -
resource tags
-
submitted
28-04-2024 18:23
General
-
Target
totally real crack.elf
-
Size
2.2MB
-
MD5
c41d9625ccd175647ffa10484ab2556d
-
SHA1
77d7614156607b68265b122fb35a1d408625cb96
-
SHA256
6a0449a0b92dc1b17da219492487de824e86a25284f21e6e3af056fe3f4c4ec0
-
SHA512
7036bbdd7079b560abcfe3aac1b5951571c318708d48fea340e82185e351c3853091900b31ef0d790ca3309943318620e00f9567440693e89a259b56fc09c9b2
-
SSDEEP
49152:kOAAzrb/TYvO90dL3BmAFd4A64nsfJiTZxwuXf9nTCqw0Xfgg778laMex5D1:k1Dw+b3+
Malware Config
Extracted
/4oEi_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Signatures
-
Hive
A ransomware written in Golang first seen in June 2021.
-
Deletes itself 1 IoCs
-
Deletes journal logs 1 TTPs 1 IoCs
Deletes systemd journal logs. Likely to evade detection.
-
Creates/modifies Cron job 1 TTPs 2 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Deletes log files 1 TTPs 7 IoCs
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information 1 TTPs 1 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Reads network interface configuration 2 TTPs 12 IoCs
Fetches information about one or more active network interfaces.
-
Reads CPU attributes 1 TTPs 15 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to shm directory 1 IoCs
Malware can drop malicious files in the shm directory which will run directly from RAM.
-
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/totally real crack.elf"/tmp/totally real crack.elf"1⤵
- Deletes itself
- Deletes journal logs
- Creates/modifies Cron job
- Deletes log files
- Reads hardware information
- Reads network interface configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to shm directory
- Writes file to tmp directory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD59932bbfea02ad4bb0c43b36fddd98a7a
SHA11faee3c9dbb5f005769c8123387b45cf545cac89
SHA25613f91b1c2c02259660f4d83dd7383b5bbc4f04be98331fbbcf92f1e56f8557a4
SHA512cad236319f2bc80d4223aca681e1adc446ae72dd46530e00aa9887c331b94ac95c9b23c55c3d98c4615cb05da689d68006d75c3f0d213c6f9303ee04f2d4f7ab
-
Filesize
214.0MB
MD5d2c99d2eb559d28fb7c719ade4e883c3
SHA172d0aa43d58749acdc88e7ec0cf98d8f4847dae1
SHA2561061136f7281ab297cbfc014ec72936f3157737ad08b4ecc4d36aa0a01aff034
SHA512a0fa359ee9850c9d967d4077d34e788b10598fbbdfba45ddac07307d0accff0908afc1d857faf0eafeead7c6c8c072c6471f7126c05db3645c6f16941aa19d2d
-
Filesize
823.0MB
MD5e7546508530ea19aa137218f2f547506
SHA1ecdc4bb58d17f279f61c1a98a5e63ffa2fae7759
SHA256eb4d449901500c0dada9bc404d5027ba07c14f8af620bc84ec72bf14d0b93ce9
SHA51257cd86888948cf1f194ea16662ec7d6596854f4646a61685421ee27d67e897dd6b1b1d72a3ed1eb53276119666d29e3e3f7d380f0d0ca3840ea8262721e905ed
-
Filesize
1KB
MD5ff20e9231f075f2da48939e1404433e6
SHA1b6b095abd7636ff094dc9560ae19b4902268ffb3
SHA25660195e714782a8b8ab7dab911f6f855ab9160776dca1dbc04c18c045768dbd97
SHA512e5576b08a067daa56778b614a3c58d0af923c4e4888c512daa456182c3e1c5f65aaa90dbf43d79752394d9cfc5d968f6a0b80a54517a0c468be5aabd38c282cd
-
Filesize
1.1MB
MD5e48f4cfdfd652ca5e2648e47d4f55d9b
SHA16b7143390280586e393b115ef789243be46f5219
SHA256c2e63ee33852001b79bd011b2847f2b8b98216155cc2e91caa189d467720b9db
SHA51264cc3e520fbcafcf4fa8522e5a76d68c1d9541cd76f7e8b6d577457e25cb14d7e443866ce037ed7b3ca3bbad6b6bd333ee65e6e62ee04e1acd4eb8df0189eead
-
Filesize
71.0MB
MD5f9836024c63d582b2499a9ab4f6ae056
SHA150f9241c9ddd3047e2891dc899043cd0c45f361d
SHA256beec79fa6f41a71670483e87bc11e04a23d4b02bfc9e74dc195c7747ea72fb4e
SHA5124d45f5bcd705a81020fe517586a840c9b93414c11eb9df8adb48ae1aa88362998a7847e341a34c655b425a9e52a3358013f25663562562a73f4a018ec0a8fcbc
-
Filesize
190.0MB
MD5dff2fa2dfbd6a37bccb40635ef91075c
SHA1cc7ec652f5213d7185fdbe46209beb2a40d4b11c
SHA25603771cfde56d139453d041a10ee17096c5cd48cfd4879564d51a2164f3fff23f
SHA5128b2bb0722ccb44a9ca065bf52999160dbdc27c8e8343b49a532120e84da7852ad7f736beb1baf33683156b3c18cc84869503396c45050a3699f0e515bdff1852
-
Filesize
32.0MB
MD58425cc90fb2d6a5c6a5a6362bed8aa12
SHA190a92a6292a110d0ec58e7f99825c981c4d9aa0b
SHA256ce3d51112a7bf83468754ff749c2e4c99ee39ad665c5bc0a6c987cc33701bf86
SHA512c5a10024c3efc9bd478165e96bad0960d7518b7a51f0a8e9acc8fef196ddfee2800a60c11705288b27be64651906e2ff6a16b9286fe777a5f29716a6a9e854e5
-
Filesize
723.0MB
MD52f1aa3392e82abc8117224c3930e7184
SHA1bf5ae65f16faf1483d74f9209cf12c9f08effa37
SHA256031632339313362ed552ecb984edc6981619d0eb1f05fcd298b79d0a762a6d30
SHA512f6ed541b4433fe6856f4f0b84d134494367c3d040b3806ce4c0b7f196944eeabaaf55eab1dff80e5f523b2ac2928962900a90cce8cbc0fd7587afeb8976e61fe
-
Filesize
131.0MB
MD55a0a74c4a2b6a215cf882756b02d1846
SHA1c167e5854cc900e5c1243d30f623d94e34af9942
SHA25673df8ddc39b654e9f43221256e8a8178eec3a8dfc7dd3c05bd42813f2bda0ec7
SHA512ce86c3c376cd09b05da00bbe42461f96da98752b04c553328b0fa5d1de8f72c779ab42538e71de2852604a6f13bd8a21b645e6291b9582f2f8eac317fb61c941
-
Filesize
1012.0MB
MD5b0db66df2ca31327be5f83f9d4f1aa27
SHA15e24a980826ee6ab79dd52bcba5b39d8750af76b
SHA2563928842678091e7d9ffdbaf0c7509cf2794da5b2dfc6178266bed948010a7056
SHA51256ca425f35b7f5a5a28908e6c1cd335f4156813304083696e88b05800ea4275151fd1f60e67d5a33d78d8ac6b358bb15b611a901ea28cbb271d1ddaaadc92a38
-
Filesize
1023.0MB
MD5a7149d62f02820a5db47c302a3fe0d43
SHA1ef582524a39721aed30bda94829778a5ef5143c9
SHA2569be1573ea225678d6ab47c3a211380a6bf2cf473baab4156796637445d31d3a1
SHA512e01db19867e69ecc1bc920df3ff7126a5973820274f3f4c6fa8973e195076f011cb18daa4594c1b688202044eda659ba51d555c3aa0d26bd53b857c2c4a2b825
-
Filesize
1015.0MB
MD53dfa5e5269cb4b043ad07c614cc4906d
SHA18b9d60a2b16e22cfb6006b28461ea9a4c8b3e271
SHA2563685a32126fe8605f98aaf1b6482c0313817e80be6b64e2dea9d602423925347
SHA512cff9a669a888cb3d5c66b49aa5a77646cb4dc6919188b91c445aa14c30d66454be07a00b7338520e99bce3d09db6a2155e9408e120cafabdec15c5f8f3eeceff
-
Filesize
1019.0MB
MD57e4123b10793dc86e2b5be24ab4f053e
SHA164b5dabc384ebd2ab34cfc83202fbf7dc9a9435c
SHA256e5500c309ec8afb2ab8d0f236df0d88da7319ac90853d86dd852fc9895d260ac
SHA5124d46b242f26eed864325c9506d79fa38957230915e4479ca11b40c9f61b82334773ef0ff2417a1bf63418daaf6b1df4ef9098842d68aae6e3a8bd9bc257c103c
-
Filesize
1022.0MB
MD5996a44a35d46fe5044e170e0ef9e56ab
SHA14c6d45636632d9a5f22877a3749dbbb58a5e9984
SHA256771668a114fbf011467a8f076f0014411db85ff379a35d8eb63ea08f6ef3d335
SHA51223f6d3f2a23fb41f525810c587dbcd687022125a05fc381d7e90664a0666f41a9b4ced9683963dfd81ad2c18417bf6396a70bed699a104f22461de9e487f428e
-
Filesize
1022.0MB
MD5696c412304dc738be24baa304fd98b5a
SHA1a3ce61011d8a7484af3132b97e2eeb44792e2fcc
SHA256fe9c76e273058460ce01e605ef8baac18179ad828c1be0c7198295c66006a864
SHA51244d55d1fdef94ab1826a73a578cd46161c007ff487ab1243f06afd508fb85b7c2eb698e7001d463b3d5186daa2273094a5762e166589d43a86e13bb1d5b28ec4
-
Filesize
1023.0MB
MD5f499313d9051101b23dba9eae1041f93
SHA19ee8c74c17740e0561a7b019f1b71d10ab7ad347
SHA256b0b6b2b3fe7be458c9b42aa5ce9b20d81f6f5d2324708ec41e112dae3eb7a4df
SHA512aec9ccbaf63f3094e1fc20542e637b1fb5406bc15fd7ee70f88c4ebb8d2032a13e21d76ba5f16a51351b7903108501d294cf7520973a880393fa01068ab41d41
-
Filesize
1024.0MB
MD5d6d48983267a28a9f13a89b8166d49b0
SHA1070c5ee24e6c11a6d092b58f9f79def81ca77495
SHA25654a2a762db5998f2146da56f0c1ffef5336b24e98c5e17ce660b70cc87d626a1
SHA51261ce96c4aef5c8fea5a02f03855a487f0a18a9843ced7ae711460909551f70018c8f7ef44ac0e911cb47119e8e99b7eed6b902a08436c24e9a09dba003bf754c