Analysis

  • max time kernel
    20s
  • max time network
    131s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu2404-amd64-20240523-en
    kernel:6.8.0-31-generic
    locale:en-us
    os:ubuntu-24.04-amd64
    system
  • submitted
    06/08/2024, 15:10

General

  • Target

    f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377

  • Size

    2.9MB

  • MD5

    42cefb960328fc1cb4709ea2323c8c9e

  • SHA1

    43fe3bf88cf80a3c5b3a77f2b8d66813b7305477

  • SHA256

    f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377

  • SHA512

    0b100b1a16128559b0f5b42e637bf9a8a3c2b0d392ff2170ec5fd899144b147d7f65fcb4a256c9c9e807403b2e6cf948222d3c234de81010be4c795bab0b7b85

  • SSDEEP

    49152:XOvI8AObrb/TivO90dL3BmAFd4A64nsfJ73CAdQMP83g9EC64xJCz15e82Iv4Qb0:GQNDHn28xc0+r

Score
10/10

Malware Config

Extracted

Path

/root/HOW_TO_DECRYPT.txt

Family

hive

Ransom Note

Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/

URLs

http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/

Signatures

  • Hive

    A ransomware written in Golang first seen in June 2021.

  • Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)

    Reads contents of /sys virtual filesystem to enumerate system information.

Processes

  • /tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
    /tmp/f7122a670e8ff23808fff2029ff69bf35930dd14785140f3bbcd491f89876377
    • Enumerates kernel/hardware configuration
    PID:4066

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /root/HOW_TO_DECRYPT.txt

    Filesize

    286B

    MD5

    8495d3b1386ad028a6966ac58bbe2287

    SHA1

    a7f41a6cc5aa3f07191956ef5cd5a27df66dd9ac

    SHA256

    39be18add82aa64d33e66bfab20c0675c6094c19b25dde6c49c631da8bab6190

    SHA512

    e8b0d1759d5aa7179b38da9336248afa6b8d20d3aaffd205b10bf8b0fbd7d5ea43179958889c4e0b5c2e77642941bcb118be5ffc2533a3bc2c29266af87daaf8

  • /root/encrypted_aes_key.txt

    Filesize

    344B

    MD5

    de172b23a41a6f580cc3e1f199c670b3

    SHA1

    11227b44f737ecca511f70721a579241a300748a

    SHA256

    8d07e857332c627cc9fe42de4716a49dd94e2790234d1387e993985807e53e7d

    SHA512

    836507c724bd79e4aeb26d07210b5d7833c35c253502b25a6bda9852f3bf9548beba3021cf07b689a3b4f298939be13f774d3e726150a6c86796a33c8d638645