MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f
SHA3-384 hash: 5d1782a8a76413e7fa915aa129248b6caa7d04c07c31149172412801eddd9fa3b01b9f62e84df0462886f1488960aaa1
SHA1 hash: 790b9cf4200852cfd48a10334bc4a4e465e036e8
MD5 hash: d72cdf335e2caf17e4a5af5e81817d65
humanhash: cat-kentucky-robert-hamper
File name:8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f.bin
Download: download sample
Signature Hive
Create hunting rule
File size:420'366 bytes
First seen:2022-04-05 00:10:17 UTC
Last seen:2022-04-14 14:54:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d6247b74ff5623cf80dd1bb6359eeaea (7 x Hive)
ssdeep 6144:0+yXMxaShH8viQTod6Y2N2k92LH4yy7NK3htp1Yyi93I8M45l7jwaSRY/qeq/i+A:Tyccv7N2WyuWpGNM437jAY/fqxVE
Threatray 3 similar samples on MalwareBazaar
TLSH T1D2948D05FA83D1BAC867597014BFF23BD630091D41169F67FFE89E60BE5EB10AA0D609
Reporter Arkbird_SOLG
Tags:exe Hive Ransomware

Intelligence

File Origin
# of uploads :
3
# of downloads :
415
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
New folder.zip
Verdict:
Malicious activity
Analysis date:
2022-03-28 22:13:45 UTC
Tags:
ransomware stealer
Link:
https://app.any.run/tasks/9c0c6b5c-cc22-432f-8e16-3bbaa3de1c15

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/260763/
Detection(s):
SecuriteInfo.com.Trojan.Encoder.35134.21108.30358.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/12613/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug expand.exe filecoder overlay ransomware
Link:
https://www.filescan.io/uploads/624b891740ce5db9f4083bdd/reports/e3fa6cb5-e74e-4549-a7ed-eba667bf8aa5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Hive
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ff57e964-9f3e-4d3e-b0ca-edf3c8ee136a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/970496
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 602983 Sample: hyuH4dob2L.bin Startdate: 05/04/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 hyuH4dob2L.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f/
Threat name:
Win32.Ransomware.Hive
Create hunting rule
Status:
Malicious
First seen:
2022-03-28 23:40:58 UTC
File Type:
PE (Exe)
AV detection:
22 of 41 (53.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=roebjeq5ykzmw3vdz7dsswady4qiqcjedbjhycnwqazszewdh4pq._file
Verdict:
malicious
Similar samples:
0a30c895bad0069f233ff2fe4c57e3dffaf233e892fb25fdb21cf312d9c8f8b4
Hive
382da46b770736639b495071c4c5a0b139eb486583b7b9548274ce6e4f663cb8
Hive
bd7f4d6a3f224536879cca70b940b16251c56707124d52fb09ad828a889648cd
Hive
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220405-agla5aeeb5/
Unpacked files
SH256 hash:
8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f
MD5 hash:
d72cdf335e2caf17e4a5af5e81817d65
SHA1 hash:
790b9cf4200852cfd48a10334bc4a4e465e036e8
Link:
https://www.unpac.me/results/4e126e78-68ee-4eb1-af7f-411bede598b6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/260763/

Comments