hiverat | dacb1f83bda72e3242b9f541134724ff871ddbb671afb0698d357fafadf43ef0 | Triage

Submit
Reports

Overview

overview

Static

static

P.O-004905...df.exe

windows7_x64

P.O-004905...df.exe

windows10-2004_x64

Sharing

General

Target

dacb1f83bda72e3242b9f541134724ff871ddbb671afb0698d357fafadf43ef0
Size

506KB
Sample

220420-cmk9esdbem
MD5

9a268fbf3ac57ff1e1b9c1a35beec8ed
SHA1

85f73d4611782274f4c06045222316e8b444897c
SHA256

dacb1f83bda72e3242b9f541134724ff871ddbb671afb0698d357fafadf43ef0
SHA512

7f06464ebf4afdd0178acfd73f6356e841d829caf9806930db7a018db17d5a260c74a2ebcf9d1c5652e199b4b092f0b1cf0ced04efe6d7024a5b035ae8d16730

Score

10^/10

hiverat collection rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

P.O-00490585693.pdf.exe

Resource

win7-20220414-en

hiverat collection rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

P.O-00490585693.pdf.exe

Resource

win10v2004-20220414-en

hiverat collection rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.unalanguvenlik.com
Port:
587
Username:
[email protected]
Password:
selection2018

Targets

- Target
  
  P.O-00490585693.pdf.exe
- Size
  
  570KB
- MD5
  
  d9d9b12977e4df98046692a0a47d4ca9
- SHA1
  
  2d5c0fbf770c944443d52a2b0088e9077001838d
- SHA256
  
  7ca2e77373e52431f89441df57949f8ed73f5d3cf5873f964b4c00446770d5fe
- SHA512
  
  f055dfd784ff1e346d6a4fa759f0e38b1fb80c8086f9b306c7b53eb14e7e2af627fe41eee892d1e5cf2a7f3a2e2801dfbad5fcadf1b69a1b3e56daa505573d0f
Score

10^/10

hiverat collection rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hiveratcollectionratstealer

behavioral2

hiveratcollectionratstealer

© 2018-2024

Terms | Privacy