Overview

overview

10

Static

static

P.O_000698...df.exe

windows7_x64

10

P.O_000698...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f783068f1ecfe069c05c77b74493323f6c8d4533eb1a07d20607c0e71f3c5f7

  • Size

    496KB

  • Sample

    220502-syd79aafgl

  • MD5

    0c49f610eb64aae309e82ddae4f80302

  • SHA1

    f7d4a695ea8e89416feec3557366cfb9c3236385

  • SHA256

    6f783068f1ecfe069c05c77b74493323f6c8d4533eb1a07d20607c0e71f3c5f7

  • SHA512

    9e70c7e2154be7d0b62b86dbb26d5fb2b544b39325b50c72e136857867606470d36d953a3a6f5da1d743f9252f74481c221234a72f95f99a80e866bf3533ce79

Score
10/10
hiveratcollectionratstealer

Malware Config

Targets

    • Target

      P.O_0006983487302.pdf.exe

    • Size

      598KB

    • MD5

      d2ef78f2e95fd63a7c3676a54b85e883

    • SHA1

      9de4079b9fccd85008b62ba0d9babd336b2085fb

    • SHA256

      10f498318649269d13cbcdbcd785caec6e314cf55321ed4bac10b5186d51ca18

    • SHA512

      1e97b737857b6f434d25e63e52bc76f0ba3dd21d98fa9333346e08207f5b51f7206ef0bb9a7fc1747914bd0da8062a1c5a57b94c816736c87fd0667eaf4c40ac

    Score
    10/10
    hiveratcollectionratstealer

    • HiveRAT

      HiveRAT is an improved version of FirebirdRAT with various capabilities.

      ratstealerhiverat

    • HiveRAT Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks