hiverat | 199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387 | Triage

Submit
Reports

Overview

overview

Static

static

199ebb6c60...87.exe

windows7_x64

199ebb6c60...87.exe

windows10-2004_x64

Sharing

General

Target

199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387
Size

308KB
Sample

220512-n4rcjsgcfp
MD5

54a02706c15bf0dddb9d35bf58a526ba
SHA1

7d2001110e9d32c66306c4269ef272dc75b3da0b
SHA256

199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387
SHA512

2ed63cd8ea52a2a084caba9f883cf926c71a8b097fc5e55977dcd3b62a5e26369df28a68f96e21e29e60a83affba6085c8e968a6fa6a9afc5c7c2dfe0471f25f

Score

10^/10

hiverat rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387.exe

Resource

win7-20220414-en

hiverat rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387.exe

Resource

win10v2004-20220414-en

hiverat rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387
- Size
  
  308KB
- MD5
  
  54a02706c15bf0dddb9d35bf58a526ba
- SHA1
  
  7d2001110e9d32c66306c4269ef272dc75b3da0b
- SHA256
  
  199ebb6c60b2f902613473a7b67552e5f1c3848ed0b55b0bb3d618362369f387
- SHA512
  
  2ed63cd8ea52a2a084caba9f883cf926c71a8b097fc5e55977dcd3b62a5e26369df28a68f96e21e29e60a83affba6085c8e968a6fa6a9afc5c7c2dfe0471f25f
Score

10^/10

hiverat rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- HiveRAT Payload
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hiveratratstealer

behavioral2

hiveratratstealer

© 2018-2024

Terms | Privacy