Malware Analysis Report

2024-10-16 03:10

Sample ID 240806-sefa7swcjf
Target mayb_hive_18481291930.zip
SHA256 f24767aa5b3c45b8947b25d353119474c77cdae40ffd71b1d36f1e4403afc6c1
Tags
hive ransomware
score
10/10

Analysis Overview

score
10/10

SHA256

f24767aa5b3c45b8947b25d353119474c77cdae40ffd71b1d36f1e4403afc6c1

Threat Level: Known bad

The file mayb_hive_18481291930.zip was found to be: Known bad.

Malicious Activity Summary

hive ransomware

Hive

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-06 15:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-06 15:02

Reported

2024-08-06 15:04

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

20s

Max time network

132s

Command Line

[/tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377]

Signatures

Hive

ransomware hive

Enumerates kernel/hardware configuration

Description: File opened for reading
Indicator:   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
Process:     /tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
Target:      N/A

Processes

/tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377

[/tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377]

Network

Country  Destination       Domain                         Proto
N/A      224.0.0.251:5353  -                              udp
US       1.1.1.1:53        connectivity-check.ubuntu.com  udp
US       1.1.1.1:53        connectivity-check.ubuntu.com  udp

Files

/root/encrypted_aes_key.txt

MD5 4beae1e6fd1a2cdd6775ed13ef225516
SHA1 3c710ae341842cd4a1f6df8d9aa77d7e0e78f590
SHA256 d63500dc992caa15753576f577fafe683afc925e15218be104bdb79879357d86
SHA512 6e4d1acd588ff7aa929f3b7c3243e6a1118a00ed39f21a55a73abe2b62483f0bdef2d8e04be6ecfe28ed03dfdd3e2f8815caab1ad39495d9e0ebcd5c5a650fba

/root/HOW_TO_DECRYPT.txt

MD5 8495d3b1386ad028a6966ac58bbe2287
SHA1 a7f41a6cc5aa3f07191956ef5cd5a27df66dd9ac
SHA256 39be18add82aa64d33e66bfab20c0675c6094c19b25dde6c49c631da8bab6190
SHA512 e8b0d1759d5aa7179b38da9336248afa6b8d20d3aaffd205b10bf8b0fbd7d5ea43179958889c4e0b5c2e77642941bcb118be5ffc2533a3bc2c29266af87daaf8