MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a30c895bad0069f233ff2fe4c57e3dffaf233e892fb25fdb21cf312d9c8f8b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Hive


Vendor detections: 10



SHA256 hash: 0a30c895bad0069f233ff2fe4c57e3dffaf233e892fb25fdb21cf312d9c8f8b4
SHA3-384 hash: 4474603eb1dfb8e1528d8dea1bbb8f914cf7225e606c5b1830c20c0c35e90b2839f83b984e1435e26661350132ede015
SHA1 hash: 964df0356373318a4b423f9121444dc4da615a7f
MD5 hash: f652a6cdff2526a355e7c187cf8e0375
humanhash: mountain-earth-illinois-batman
File name: 0a30c895bad0069f233ff2fe4c57e3dffaf233e892fb25fdb21cf312d9c8f8b4
Signature: Hive
File size: 422'926 bytes
First seen: 2022-04-05 00:10:38 UTC
Last seen: 2022-04-05 00:40:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b59e483a28399c3eef50bc541eda77d0 (1 x Hive)
ssdeep: 12288:9Jlt47Ht/hq822fvXHSuP040m8ERN1YyRVpbXDWg:nlt490lCvy20d3iBXbTp
Threatray: 3 similar samples on MalwareBazaar
TLSH: T10B948D05FE83D6BAC8675970247FF33AEA30091941168F27FFE49D71BE5EB109A09609
Reporter: Arkbird_SOLG
Tags: exe Hive Ransomware

Intelligence


File Origin
# of uploads :
2
# of downloads :
468
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug expand.exe overlay
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 602982. Sample: fn60OMsnV7. Start date: 05/04/2022. Architecture: WINDOWS. Score: 48. Signature: Multi AV Scanner detection for submitted file. Processes: fn60OMsnV7.exe started, which started conhost.exe.]
Threat name:
Win32.Ransomware.Hive
Status:
Malicious
First seen:
2022-03-29 20:47:22 UTC
File Type:
PE (Exe)
AV detection:
21 of 42 (50.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files
SHA256 hash:
0a30c895bad0069f233ff2fe4c57e3dffaf233e892fb25fdb21cf312d9c8f8b4
MD5 hash:
f652a6cdff2526a355e7c187cf8e0375
SHA1 hash:
964df0356373318a4b423f9121444dc4da615a7f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments