hive | 2024-08-12_61a8fc763aa8bfdb1e43001566bcfce7_snatch | Triage

Sharing

General

Target

2024-08-12_61a8fc763aa8bfdb1e43001566bcfce7_snatch
Size

2.2MB
MD5

61a8fc763aa8bfdb1e43001566bcfce7
SHA1

b65880c2c590b3d2f736bf2818be923214a6efe5
SHA256

8d797c2e404f3162c836020500b99c524deedabfc4770ee54fd9e0ea8bfd2ef4
SHA512

5c39fb96e97dd7291b55b3d16ca0b0521e391369aa639801054e1011b11b3680ec2374dac8b2447677a23bf480c4b2014bb90442f0e8afe1b298c08650d14823
SSDEEP

24576:lm8bqgR8VT8P5ZmUbFJnDoaY3azzKSP/OFvIxJH92ZK86EqDh8YCJjiraf4oAV/j:v73h3P/4K81TjasiXCUVnjU1HO1

Score

10^/10

hive

Malware Config

Signatures

Detects Go variant of Hive Ransomware 1 IoCs

resource	yara_rule
sample	hive_go

Hive family
hive

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-12_61a8fc763aa8bfdb1e43001566bcfce7_snatch

Files

2024-08-12_61a8fc763aa8bfdb1e43001566bcfce7_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 955KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ