Overview

overview

10

Static

static

4c49b30cf4...cd.exe

windows7_x64

10

4c49b30cf4...cd.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c49b30cf4a26820a2f28c0484094613b2c683f1d501bacddc774195624d44cd

  • Size

    336KB

  • Sample

    220508-gz5aaahba8

  • MD5

    91e106a5e590b4f24d0ebc1968ea3fe5

  • SHA1

    f76cfc548c96e0715b8927e7da4a6fc3048880c2

  • SHA256

    4c49b30cf4a26820a2f28c0484094613b2c683f1d501bacddc774195624d44cd

  • SHA512

    b2504d1d065b9b046e8afd35c2d5999f5f1dddb00995c1157ff3131b49c1b7c65cf3110f9b50ef306f9b9a31fd676e7b5331b82adb5b3c542d9a43d272e4bf1d

Score
10/10
hiveratratstealer

Malware Config

Targets

    • Target

      4c49b30cf4a26820a2f28c0484094613b2c683f1d501bacddc774195624d44cd

    • Size

      336KB

    • MD5

      91e106a5e590b4f24d0ebc1968ea3fe5

    • SHA1

      f76cfc548c96e0715b8927e7da4a6fc3048880c2

    • SHA256

      4c49b30cf4a26820a2f28c0484094613b2c683f1d501bacddc774195624d44cd

    • SHA512

      b2504d1d065b9b046e8afd35c2d5999f5f1dddb00995c1157ff3131b49c1b7c65cf3110f9b50ef306f9b9a31fd676e7b5331b82adb5b3c542d9a43d272e4bf1d

    Score
    10/10
    hiveratratstealer

    • HiveRAT

      HiveRAT is an improved version of FirebirdRAT with various capabilities.

      ratstealerhiverat

    • HiveRAT Payload

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks