Analysis
-
max time kernel
20s -
max time network
132s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240508-en -
resource tags
arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system -
submitted
06-08-2024 15:02
Static task
static1
Behavioral task
behavioral1
Sample
f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
Resource
ubuntu2004-amd64-20240508-en
General
-
Target
f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
-
Size
2.9MB
-
MD5
42cefb960328fc1cb4709ea2323c8c9e
-
SHA1
43fe3bf88cf80a3c5b3a77f2b8d66813b7305477
-
SHA256
f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
-
SHA512
0b100b1a16128559b0f5b42e637bf9a8a3c2b0d392ff2170ec5fd899144b147d7f65fcb4a256c9c9e807403b2e6cf948222d3c234de81010be4c795bab0b7b85
-
SSDEEP
49152:XOvI8AObrb/TivO90dL3BmAFd4A64nsfJ73CAdQMP83g9EC64xJCz15e82Iv4Qb0:GQNDHn28xc0+r
Malware Config
Extracted
/root/HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
Signatures
-
Hive
A ransomware written in Golang first seen in June 2021.
-
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
286B
MD58495d3b1386ad028a6966ac58bbe2287
SHA1a7f41a6cc5aa3f07191956ef5cd5a27df66dd9ac
SHA25639be18add82aa64d33e66bfab20c0675c6094c19b25dde6c49c631da8bab6190
SHA512e8b0d1759d5aa7179b38da9336248afa6b8d20d3aaffd205b10bf8b0fbd7d5ea43179958889c4e0b5c2e77642941bcb118be5ffc2533a3bc2c29266af87daaf8
-
Filesize
344B
MD54beae1e6fd1a2cdd6775ed13ef225516
SHA13c710ae341842cd4a1f6df8d9aa77d7e0e78f590
SHA256d63500dc992caa15753576f577fafe683afc925e15218be104bdb79879357d86
SHA5126e4d1acd588ff7aa929f3b7c3243e6a1118a00ed39f21a55a73abe2b62483f0bdef2d8e04be6ecfe28ed03dfdd3e2f8815caab1ad39495d9e0ebcd5c5a650fba