MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0
SHA3-384 hash: 9d8f7e0bea76a8f238df82ceaec42cc620311be088cf8401700327a4e037e8fc5b24f05eef075de57ae6726115020fb5
SHA1 hash: 6286880cb4e9b987641132830f42ce02de1c6384
MD5 hash: 4b6fbcddd3ae5c33148562246157fe5a
humanhash: mockingbird-timing-carpet-fruit
File name:4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0.bin
Download: download sample
Signature Hive
Create hunting rule
File size:436'736 bytes
First seen:2022-04-14 14:48:59 UTC
Last seen:2022-04-14 14:59:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a7031d65caab126e7655c41f3a209a13 (4 x Hive)
ssdeep 6144:Fd8ulUTlqRx1Bfd8tEOYfhXfojaEk6bOWGM/gRsVqERFQq7JlysU/a2jaa:F2UFBfd8tKXAQ6oqFQq7JlBsauaa
Threatray 13 similar samples on MalwareBazaar
TLSH T134943903F66251ACC06AC1788357A633FA327C0D46357AAB5BD0BE312F79B50A72E715
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter Arkbird_SOLG
Tags:exe Hive Ransomware

Intelligence

File Origin
# of uploads :
2
# of downloads :
450
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0.bin
Verdict:
No threats detected
Analysis date:
2022-04-14 16:33:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/403831a5-6b9c-45a3-bc5b-11c7c10b49c9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263777/
Detection(s):
SecuriteInfo.com.Variant.Ransom.Hive.9.22298.2496.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13892/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62583464eab80a7a6c13bd47/reports/3a1c4434-3a55-4e2e-b1e4-e0c0a66a9b57/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Hive
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6a48f6ce-6128-433a-bb47-8ec932cba1fa
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/976975
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 609462 Sample: r5PcqzDaeP.bin Startdate: 14/04/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 r5PcqzDaeP.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0/
Threat name:
Win64.Ransomware.Hive
Create hunting rule
Status:
Malicious
First seen:
2022-04-09 20:04:00 UTC
File Type:
PE+ (Exe)
AV detection:
26 of 42 (61.90%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iwd6pwhfnj3jjkqyqfcdgewbo5g2kukftu5eqmk2zuggss6pq6qa._file
Verdict:
malicious
Similar samples:
033a280e25d03046cb22a3d2bb229994861d0b51c7ca70a3b2a750b7dd87a0ad
Hive
065208b037a2691eb75a14f97bdbd9914122655d42f6249d2cca419a1e4ba6f1
Hive
11cc94773e0d1b1d6c4a5c6ffb430a321ff470c83896ed7c6ae8b1d87e1e6443
Hive
15a290552f9cdc38b18e6c0babe7fdd52ff8abfa73ff823220fa994e7f023dc0
Hive
1841ca56006417e6220a857f66c8e6539502d5e9f539cf337b83a25c15d17a50
Hive
26cb76e67add724d7771d12ffc701a4806c71dc436ff7d6ed0288e899dfd0d9b
Hive
6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5
Hive
9b68f6082702082205344baf6812469cf2ef20345acb6b6a94022feebb087c43
Hive
c7c04bcd56f282bc27f160cc80ccab73485dd3123f2efb35b9726a8528b7950f
Hive
ef29e4b32e6de86c5892e2f6d9e1029a49aef283298c81859e95fdc2c049804e
Hive
+ 3 additional samples on MalwareBazaar
Result
Malware family:
hive
Create hunting rule
Score:
  10/10
Tags:
family:hive
Link:
https://tria.ge/reports/220414-r6z91sdbbn/
Unpacked files
SH256 hash:
4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0
MD5 hash:
4b6fbcddd3ae5c33148562246157fe5a
SHA1 hash:
6286880cb4e9b987641132830f42ce02de1c6384
Link:
https://www.unpac.me/results/18eb0303-c59b-4485-97fa-312f05dd061a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4587e7d8e56a7694aa1881443312c1774da551459d3a48315acd0c694bcf87a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/263777/

Comments