hiverat | a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda | Triage

Submit
Reports

Overview

overview

Static

static

a46567a777...da.exe

windows7_x64

1

a46567a777...da.exe

windows10-2004_x64

Sharing

General

Target

a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda
Size

1.0MB
Sample

220307-m6pq3adfe7
MD5

afe4e90346ac017ed843b9fe74e00032
SHA1

506f4f9d82287a4e0b85e2cf7e9564b00755aa67
SHA256

a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda
SHA512

e4294ca191d9966cffb39f172e9a739952a7b825779caf2fce7960c58600944f17bdd734854b9e1f3b3309a92c21538fb079cc874f19064aa2723e3eea7f983d

Score

10^/10

hiverat persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda.exe

Resource

win10v2004-en-20220113

hiverat persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda
- Size
  
  1.0MB
- MD5
  
  afe4e90346ac017ed843b9fe74e00032
- SHA1
  
  506f4f9d82287a4e0b85e2cf7e9564b00755aa67
- SHA256
  
  a46567a777b8db98976386d1540efa10f866d5f902fbce7cc159182d6d831fda
- SHA512
  
  e4294ca191d9966cffb39f172e9a739952a7b825779caf2fce7960c58600944f17bdd734854b9e1f3b3309a92c21538fb079cc874f19064aa2723e3eea7f983d
Score

10^/10

hiverat persistence rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hiveratpersistenceratstealer

© 2018-2025

Terms | Privacy