hiverat | d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f | Triage

Submit
Reports

Overview

overview

Static

static

d734a95229...0f.exe

windows7_x64

d734a95229...0f.exe

windows10-2004_x64

Sharing

General

Target

d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f
Size

644KB
Sample

220415-tkc9gahadp
MD5

d913182c7a9dd8a042fd88ea903f5ce2
SHA1

c2a7ed80c53cc53f0dd82f54f3585f064c144e1f
SHA256

d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f
SHA512

f2fc1446f4d96d3e1f875f78d7cfc82906845e42892648bea96899688eaae8c81bf98fd3cbf8a1bb7fa483a53c2ab4e21e3ad3c4b0a83d2e27a62ff215a007de

Score

10^/10

hiverat persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f.exe

Resource

win7-20220414-en

hiverat persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f.exe

Resource

win10v2004-20220414-en

hiverat persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f
- Size
  
  644KB
- MD5
  
  d913182c7a9dd8a042fd88ea903f5ce2
- SHA1
  
  c2a7ed80c53cc53f0dd82f54f3585f064c144e1f
- SHA256
  
  d734a95229f09cd5da88c9bbc0de8dffa9fe5d7b05408d15cf915b170e8da40f
- SHA512
  
  f2fc1446f4d96d3e1f875f78d7cfc82906845e42892648bea96899688eaae8c81bf98fd3cbf8a1bb7fa483a53c2ab4e21e3ad3c4b0a83d2e27a62ff215a007de
Score

10^/10

hiverat persistence rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hiveratpersistenceratstealer

behavioral2

hiveratpersistenceratstealer

© 2018-2024

Terms | Privacy