Analysis

  • max time kernel
    20s
  • max time network
    132s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    06-08-2024 15:02

General

  • Target

    f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377

  • Size

    2.9MB

  • MD5

    42cefb960328fc1cb4709ea2323c8c9e

  • SHA1

    43fe3bf88cf80a3c5b3a77f2b8d66813b7305477

  • SHA256

    f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377

  • SHA512

    0b100b1a16128559b0f5b42e637bf9a8a3c2b0d392ff2170ec5fd899144b147d7f65fcb4a256c9c9e807403b2e6cf948222d3c234de81010be4c795bab0b7b85

  • SSDEEP

    49152:XOvI8AObrb/TivO90dL3BmAFd4A64nsfJ73CAdQMP83g9EC64xJCz15e82Iv4Qb0:GQNDHn28xc0+r

Score
10/10

Malware Config

Extracted

Path

/root/HOW_TO_DECRYPT.txt

Family

hive

Ransom Note
Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
URLs

http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/

Signatures

  • Hive

    A ransomware written in Golang first seen in June 2021.

  • Enumerates kernel/hardware configuration (1 TTP, 1 IoC)

    Reads contents of /sys virtual filesystem to enumerate system information.

Processes

  • /tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
    Command line: /tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
    PID: 1406
    • Enumerates kernel/hardware configuration

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /root/HOW_TO_DECRYPT.txt

    Filesize

    286B

    MD5

    8495d3b1386ad028a6966ac58bbe2287

    SHA1

    a7f41a6cc5aa3f07191956ef5cd5a27df66dd9ac

    SHA256

    39be18add82aa64d33e66bfab20c0675c6094c19b25dde6c49c631da8bab6190

    SHA512

    e8b0d1759d5aa7179b38da9336248afa6b8d20d3aaffd205b10bf8b0fbd7d5ea43179958889c4e0b5c2e77642941bcb118be5ffc2533a3bc2c29266af87daaf8

  • /root/encrypted_aes_key.txt

    Filesize

    344B

    MD5

    4beae1e6fd1a2cdd6775ed13ef225516

    SHA1

    3c710ae341842cd4a1f6df8d9aa77d7e0e78f590

    SHA256

    d63500dc992caa15753576f577fafe683afc925e15218be104bdb79879357d86

    SHA512

    6e4d1acd588ff7aa929f3b7c3243e6a1118a00ed39f21a55a73abe2b62483f0bdef2d8e04be6ecfe28ed03dfdd3e2f8815caab1ad39495d9e0ebcd5c5a650fba