ID | C0029 |
Objective(s) | Cryptography |
Related ATT&CK Techniques | None |
Version | 2.0 |
Created | 13 October 2020 |
Last Modified | 5 December 2023 |

Malware may use a cryptographic hash.

Name | ID | Description |
---|---|---|
MD5 | C0029.001 | Malware uses an MD5 hash. |
SHA1 | C0029.002 | Malware uses a SHA-1 hash. |
SHA224 | C0029.004 | Malware uses a SHA-224 hash. |
SHA256 | C0029.003 | Malware uses a SHA-256 hash. |
Snefru | C0029.006 | Malware uses a Snefru hash. |
Tiger | C0029.005 | Malware uses a Tiger hash. |

Name | Date | Method | Description |
---|---|---|---|
BlackEnergy | 2007 | -- | BlackEnergy hashes data via WinCrypt. [1] |
BlackEnergy | 2007 | C0029.001 | BlackEnergy hashes data with MD5. [1] |
BlackEnergy | 2007 | C0029.002 | BlackEnergy hashes data using SHA1. [1] |
Kovter | 2016 | -- | Kovter hashes data via WinCrypt. [1] |
Redhip | 2011 | -- | Redhip hashes data via WinCrypt. [1] |
Redhip | 2011 | C0029.002 | Redhip hashes data using SHA1. [1] |
UP007 | 2016 | C0029.002 | UP007 hashes data using SHA1. [1] |

Tool: capa | Mapping | APIs |
---|---|---|
hash data via WinCrypt | Cryptographic Hash (C0029) | advapi32.CryptHashData, advapi32.CryptGetHashParam |
hash data using tiger | Cryptographic Hash::Tiger (C0029.005) | -- |
hash data using SHA1 | Cryptographic Hash::SHA1 (C0029.002) | advapi32.CryptCreateHash, System.Security.Cryptography.SHA1Managed::ctor, System.Security.Cryptography.HashAlgorithm::ComputeHash |
hash data using SHA256 | Cryptographic Hash::SHA256 (C0029.003) | System.Security.Cryptography.SHA256Managed::Initialize, System.Security.Cryptography.SHA256CryptoServiceProvider::Initialize, System.Security.Cryptography.SHA256::Create, System.Security.Cryptography.SHA256Managed::ctor, System.Security.Cryptography.HashAlgorithm::ComputeHash |
hash data with MD5 | Cryptographic Hash::MD5 (C0029.001) | advapi32.CryptCreateHash, System.Security.Cryptography.MD5::Create, System.Security.Cryptography.MD5CryptoServiceProvider::ctor, System.Security.Cryptography.HashAlgorithm::ComputeHash |
hash data using SHA224 | Cryptographic Hash::SHA224 (C0029.004) | -- |
resolve function by FIN8 fasthash | Cryptographic Hash (C0029) | -- |

[1] capa v4.0, analyzed at MITRE on 10/12/2022