Analysis Overview
Score: 10/10
SHA256: f24767aa5b3c45b8947b25d353119474c77cdae40ffd71b1d36f1e4403afc6c1
Threat Level: Known bad
The file mayb_hive_18481291930.zip was found to be: Known bad.
Malicious Activity Summary
Hive
Enumerates kernel/hardware configuration
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-06 15:02
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-06 15:02
Reported
2024-08-06 15:04
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
20s
Max time network
132s
Command Line
[/tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377]
(The detonated file is the sample extracted from the submitted zip; its name in /tmp appears to be the sample's own SHA-256 and differs from the SHA256 of the zip given in the Analysis Overview.)
Signatures
Hive
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377 | N/A |
Caveat: reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size is also done by the Go runtime at process start to learn the huge-page size, so on its own this indicator is weak. The Hive verdict rests on the dropped files listed under Files (the encrypted key file and the HOW_TO_DECRYPT.txt ransom note), not on this sysfs read.
Processes
/tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
[/tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Note: 224.0.0.251:5353 is the mDNS multicast group and connectivity-check.ubuntu.com is Ubuntu's network-connectivity check, both background traffic of the ubuntu2004 sandbox image. The report records no other destinations, so no command-and-control traffic is attributable to the sample from this run.
Files
/root/encrypted_aes_key.txt
| MD5 | 4beae1e6fd1a2cdd6775ed13ef225516 |
| SHA1 | 3c710ae341842cd4a1f6df8d9aa77d7e0e78f590 |
| SHA256 | d63500dc992caa15753576f577fafe683afc925e15218be104bdb79879357d86 |
| SHA512 | 6e4d1acd588ff7aa929f3b7c3243e6a1118a00ed39f21a55a73abe2b62483f0bdef2d8e04be6ecfe28ed03dfdd3e2f8815caab1ad39495d9e0ebcd5c5a650fba |
/root/HOW_TO_DECRYPT.txt
| MD5 | 8495d3b1386ad028a6966ac58bbe2287 |
| SHA1 | a7f41a6cc5aa3f07191956ef5cd5a27df66dd9ac |
| SHA256 | 39be18add82aa64d33e66bfab20c0675c6094c19b25dde6c49c631da8bab6190 |
| SHA512 | e8b0d1759d5aa7179b38da9336248afa6b8d20d3aaffd205b10bf8b0fbd7d5ea43179958889c4e0b5c2e77642941bcb118be5ffc2533a3bc2c29266af87daaf8 |
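Added example (not part of the sandbox report): a small host sweep that turns the two dropped-file artifacts above into indicators. It walks a directory tree and flags files whose basename matches a reported path or whose SHA-256 matches a reported digest, hashing each file once in chunks so large files are not read into memory. The MD5/SHA1/SHA256 values are copied from the Files section (SHA512 is left out for brevity); everything in run_demo() is constructed so the script runs offline and demonstrates both a name-only hit and a hash-only hit. Nothing here is the sandbox's or Hive's own code.

```python
"""IOC sweep built from the dropped-file artifacts in the report (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path

ALGS = ("md5", "sha1", "sha256")

# Dropped files recorded by the sandbox, copied from the report's Files section.
REPORT_FILES = {
    "/root/encrypted_aes_key.txt": {
        "md5": "4beae1e6fd1a2cdd6775ed13ef225516",
        "sha1": "3c710ae341842cd4a1f6df8d9aa77d7e0e78f590",
        "sha256": "d63500dc992caa15753576f577fafe683afc925e15218be104bdb79879357d86",
    },
    "/root/HOW_TO_DECRYPT.txt": {
        "md5": "8495d3b1386ad028a6966ac58bbe2287",
        "sha1": "a7f41a6cc5aa3f07191956ef5cd5a27df66dd9ac",
        "sha256": "39be18add82aa64d33e66bfab20c0675c6094c19b25dde6c49c631da8bab6190",
    },
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm in ALGS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def hash_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Digest a file once, feeding each 1 MiB chunk to all hashers."""
    hashers = {alg: hashlib.new(alg) for alg in ALGS}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def sweep(root: Path, indicators: dict) -> list:
    """Walk root and report files matching an indicator by basename or SHA-256.

    Each finding carries the indicator path it matched on by name and/or by
    hash (None when that dimension did not match). Symlinks are skipped so a
    link into /proc or a loop cannot stall the sweep.
    """
    by_name = {Path(p).name: p for p in indicators}
    by_sha256 = {v["sha256"]: p for p, v in indicators.items()}
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            fp = Path(dirpath) / fn
            if fp.is_symlink():
                continue
            name_hit = by_name.get(fn)
            digests = hash_file(fp)
            hash_hit = by_sha256.get(digests["sha256"])
            if name_hit or hash_hit:
                findings.append({
                    "path": str(fp),
                    "name_match": name_hit,
                    "hash_match": hash_hit,
                    "sha256": digests["sha256"],
                })
    return findings


# Constructed demo content; this is NOT the real ransom note.
DEMO_NOTE = b"constructed ransom-note text for the demo, not Hive's note\n"


def run_demo() -> list:
    """Build a throwaway tree and sweep it; returns the findings list."""
    indicators = dict(REPORT_FILES)
    # Constructed extra indicator so the demo can show a hash-only match.
    indicators["/root/demo_note.txt"] = hash_bytes(DEMO_NOTE)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Same basename as the reported note, different content: name hit only.
        (root / "HOW_TO_DECRYPT.txt").write_bytes(b"some other content\n")
        # Renamed copy of the demo note: hash hit only.
        (root / "renamed.txt").write_bytes(DEMO_NOTE)
        (root / "benign.log").write_bytes(b"nothing here\n")
        return sweep(root, indicators)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

For a real sweep, call sweep(Path("/"), REPORT_FILES) as root on the suspect host (or on a mounted image) and treat a basename hit for HOW_TO_DECRYPT.txt as the actionable signal: the ransom note's content, and therefore its hash, varies per victim, so a hash-only match on it should not be expected.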