cryptographic-hash.md

File metadata and controls

71 lines (59 loc) · 3.57 KB
ID C0029
Objective(s) Cryptography
Related ATT&CK Techniques None
Version 2.0
Created 13 October 2020
Last Modified 5 December 2023

Cryptographic Hash

Malware may use a cryptographic hash.

Methods

| Name | ID | Description |
|---|---|---|
| MD5 | C0029.001 | Malware uses an MD5 hash. |
| SHA1 | C0029.002 | Malware uses a SHA-1 hash. |
| SHA224 | C0029.004 | Malware uses a SHA-224 hash. |
| SHA256 | C0029.003 | Malware uses a SHA-256 hash. |
| Snefru | C0029.006 | Malware uses a Snefru hash. |
| Tiger | C0029.005 | Malware uses a Tiger hash. |

Use in Malware

| Name | Date | Method | Description |
|---|---|---|---|
| BlackEnergy | 2007 | -- | BlackEnergy hashes data via WinCrypt. [1] |
| BlackEnergy | 2007 | C0029.001 | BlackEnergy hashes data with MD5. [1] |
| BlackEnergy | 2007 | C0029.002 | BlackEnergy hashes data using SHA1. [1] |
| Kovter | 2016 | -- | Kovter hashes data via WinCrypt. [1] |
| Redhip | 2011 | -- | Redhip hashes data via WinCrypt. [1] |
| Redhip | 2011 | C0029.002 | Redhip hashes data using SHA1. [1] |
| UP007 | 2016 | C0029.002 | UP007 hashes data using SHA1. [1] |

Detection

| Tool: capa | Mapping | APIs |
|---|---|---|
| hash data via WinCrypt | Cryptographic Hash (C0029) | advapi32.CryptHashData, advapi32.CryptGetHashParam |
| hash data using tiger | Cryptographic Hash::Tiger (C0029.005) | -- |
| hash data using SHA1 | Cryptographic Hash::SHA1 (C0029.002) | advapi32.CryptCreateHash, System.Security.Cryptography.SHA1Managed::ctor, System.Security.Cryptography.HashAlgorithm::ComputeHash |
| hash data using SHA256 | Cryptographic Hash::SHA256 (C0029.003) | System.Security.Cryptography.SHA256Managed::Initialize, System.Security.Cryptography.SHA256CryptoServiceProvider::Initialize, System.Security.Cryptography.SHA256::Create, System.Security.Cryptography.SHA256Managed::ctor, System.Security.Cryptography.HashAlgorithm::ComputeHash |
| hash data with MD5 | Cryptographic Hash::MD5 (C0029.001) | advapi32.CryptCreateHash, System.Security.Cryptography.MD5::Create, System.Security.Cryptography.MD5CryptoServiceProvider::ctor, System.Security.Cryptography.HashAlgorithm::ComputeHash |
| hash data using SHA224 | Cryptographic Hash::SHA224 (C0029.004) | -- |
| resolve function by FIN8 fasthash | Cryptographic Hash (C0029) | -- |

References

[1] capa v4.0, analyzed at MITRE on 10/12/2022