MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111
SHA3-384 hash: 71535732748489e25341fbebf094fcae2ceb0b33b7c7a6e034314c60a40c8e14c7dd1a69ec43a2e5e6292b04e2fe4cb3
SHA1 hash: 201787737ca24e42bab344c426926891dd5f30eb
MD5 hash: 4268b9010190ddd7d95cbb96417407ef
humanhash: emma-summer-hamper-fruit
File name:201787737ca24e42bab344c426926891dd5f30eb
Download: download sample
Signature Hive
Create hunting rule
File size:1'794'560 bytes
First seen:2022-03-15 11:20:40 UTC
Last seen:2022-04-20 10:20:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c7269d59926fa4252270f407e4dab043 (45 x Hive, 23 x ServHelper, 22 x CobaltStrike)
ssdeep 49152:LHFOa3LEwg7XtCoXRecgdv7V5YMir32D1:LHL3A0hji
Threatray 47 similar samples on MalwareBazaar
TLSH T153855C87BC9190F9D4AAD2308A65C2917B31B4940B3763DB2F5096BA1F72FD41F78368
Reporter vxunderground
Tags:exe Hive Ransomware

Intelligence

File Origin
# of uploads :
4
# of downloads :
417
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/250721/
Detection(s):
SecuriteInfo.com.Variant.Ransom.Hive.6.9588.7778.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9274/overview
Behaviour
MalwareBazaar
CPUID_Instruction
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/623076a1dfdfa8501ca37abb/reports/1675ce83-9082-4fdc-ad02-7ce40e1618c0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ff2cb08c-c6a8-424b-bb96-6b91129e43b2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/956931
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 589411 Sample: HFh8a58rL4 Startdate: 15/03/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 HFh8a58rL4.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111/
Threat name:
Win64.Ransomware.Hive
Create hunting rule
Status:
Malicious
First seen:
2022-03-13 02:30:03 UTC
File Type:
PE+ (Exe)
AV detection:
11 of 42 (26.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eajbl7owxikz2itcd4scj523ex56nwwbzbisnylu4sxjthxyqeiq._file
Verdict:
malicious
Similar samples:
29d2f9308947efac0c804497666e1f03d61bc9321fdb498152a5d481d1e61a35
Hive
460b096aaf535b0b8f0224da0f04c7f7997c62bf715839a8012c1e1154a38984
Hive
5d1db413bbb7540633fef0e40a0a8fbb2e1c309623d80503b07eec0f5b5d5a57
Hive
76960749ed11d97582923e31d59115910ae74d8753c8e92f918f604ca8a0d26d
Hive
a210787ffd0a6a918cd8c950ce6b5af178902b2e5a49799e0a17d8b25200ca6f
Hive
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220315-nf1ajscddm/
Unpacked files
SH256 hash:
201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111
MD5 hash:
4268b9010190ddd7d95cbb96417407ef
SHA1 hash:
201787737ca24e42bab344c426926891dd5f30eb
Link:
https://www.unpac.me/results/4565ae66-bdf6-4e16-a991-7997513da92b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.21
Link:
https://yomi.yoroi.company/submissions/201215fdd6ba159d22621f2424f75b25fbe6dac1c85126e174e4ae999ef88111

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:Golangmalware
Create hunting rule
Author:Dhanunjaya
Description:Malware in Golang
Rule name:HiveRansomware
Create hunting rule
Author:Dhanunjaya
Description:Yara Rule To Detect Hive V4 Ransomware
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/250721/

Comments