MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5
SHA3-384 hash: 1437b3b2a7d85c52afa470460fd7edae343c4133f98462fe85f0eb221d0810c42b3833f73517f9b2e9d0a01c8dd86db9
SHA1 hash: 8b0bb834b082d7ffc1d730031a964fe50bf6d514
MD5 hash: 276762ea80c28871d3a6997043c3016c
humanhash: spaghetti-kilo-johnny-autumn
File name:6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5.bin
Download: download sample
Signature Hive
Create hunting rule
File size:433'664 bytes
First seen:2022-03-28 23:15:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a9d048605f07f7f9f42b35afedade3f7 (2 x Hive)
ssdeep 6144:zuzIkI/bkS1+0EdYi+91xzrM68PS5OWGM/gRDfr33S8SQx6:zuzI5/bX+0EdYfHzmSgC8Sy
Threatray 10 similar samples on MalwareBazaar
TLSH T13F943A43F6A250ACC06AC0788357A633F9727C0D46357AAB6BE0FE312F65B50A72D715
Reporter Arkbird_SOLG
Tags:exe Hive Ransomware

Intelligence

File Origin
# of uploads :
1
# of downloads :
434
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5.exe
Verdict:
No threats detected
Analysis date:
2022-03-29 00:39:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d5df91cc-36fa-4886-a438-e077b51e82bf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/258815/
Detection(s):
SecuriteInfo.com.Variant.Ransom.Lazy.158.10095.27272.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/11842/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug expand.exe filecoder ransomware
Link:
https://www.filescan.io/uploads/624241b49253b276b794f5e9/reports/0eab6b58-c554-4ed4-8a01-798470b7003b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/5a1bc046-622e-40fa-b8ff-e06589e621d8
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/966262
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 598757 Sample: Tb3BcJP4JP.bin Startdate: 29/03/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 Tb3BcJP4JP.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5/
Threat name:
Win64.Ransomware.Hive
Create hunting rule
Status:
Malicious
First seen:
2022-03-20 02:23:00 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=njhl6uj7tfv5ogmmoen67e3ktcp6ufemenmbp2swyhrk7l5je72q._file
Verdict:
malicious
Similar samples:
065208b037a2691eb75a14f97bdbd9914122655d42f6249d2cca419a1e4ba6f1
Hive
11cc94773e0d1b1d6c4a5c6ffb430a321ff470c83896ed7c6ae8b1d87e1e6443
Hive
15a290552f9cdc38b18e6c0babe7fdd52ff8abfa73ff823220fa994e7f023dc0
Hive
1841ca56006417e6220a857f66c8e6539502d5e9f539cf337b83a25c15d17a50
Hive
26cb76e67add724d7771d12ffc701a4806c71dc436ff7d6ed0288e899dfd0d9b
Hive
567cb1d95c5b0701bc9a5b06842f9a675a592749cebcace5e7d62e626b2354d1
Hive
9b68f6082702082205344baf6812469cf2ef20345acb6b6a94022feebb087c43
Hive
c4d54c9c913a87aee8f0408fd1bb613b6d89b926327b71b70cd09491bfac7eeb
Hive
c7c04bcd56f282bc27f160cc80ccab73485dd3123f2efb35b9726a8528b7950f
Hive
efdbfcb717b109b816e2d2f99c0d923803c70dd08fb9feb747eb90774e86116e
Hive
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220328-286jxsgee3/
Unpacked files
SH256 hash:
6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5
MD5 hash:
276762ea80c28871d3a6997043c3016c
SHA1 hash:
8b0bb834b082d7ffc1d730031a964fe50bf6d514
Link:
https://www.unpac.me/results/8c2168b0-ad2d-4f1f-a9ed-ad08240364c5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6a4ebf513f996bd7198c711bef936a989fea148c235817ea56c1e2afafa927f5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/258815/

Comments