hiverat | a342e3327fc258c1634ffd9e27f0635bd2dc8aeada903d2cac0c5e1ab2e00811 | Triage

Submit
Reports

Overview

overview

Static

static

ConsoleSni...er.exe

windows7_x64

ConsoleSni...er.exe

windows10_x64

Sharing

General

Target

ConsoleSniffer v4.1 installer.exe
Size

7.9MB
Sample

210620-jzsbqztbv2
MD5

61d8ca5f3ec331a08c9032840b99eb5b
SHA1

dc73d785c3e899a58a5616239e89d3fd3d49bb93
SHA256

a342e3327fc258c1634ffd9e27f0635bd2dc8aeada903d2cac0c5e1ab2e00811
SHA512

f8150b1be4559c350467bfb941e6fee1d3dbcd97111e92d55edc047f9fde6b8bc7f63cdbd595f6378e781cadaa69eeeda38d440f02792a48562523e7d97b7ebb

Score

10^/10

hiverat rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

ConsoleSniffer v4.1 installer.exe

Resource

win7v20210410

hiverat rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ConsoleSniffer v4.1 installer.exe

Resource

win10v20210408

hiverat rat stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ConsoleSniffer v4.1 installer.exe
- Size
  
  7.9MB
- MD5
  
  61d8ca5f3ec331a08c9032840b99eb5b
- SHA1
  
  dc73d785c3e899a58a5616239e89d3fd3d49bb93
- SHA256
  
  a342e3327fc258c1634ffd9e27f0635bd2dc8aeada903d2cac0c5e1ab2e00811
- SHA512
  
  f8150b1be4559c350467bfb941e6fee1d3dbcd97111e92d55edc047f9fde6b8bc7f63cdbd595f6378e781cadaa69eeeda38d440f02792a48562523e7d97b7ebb
Score

10^/10

hiverat rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hiveratratstealer

behavioral2

hiveratratstealer

© 2018-2024

Terms | Privacy