hiverat | deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62 | Triage

Submit
Reports

Overview

overview

Static

static

deb4b809f9...62.exe

windows7_x64

deb4b809f9...62.exe

windows10-2004_x64

Sharing

General

Target

deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
Size

7.6MB
Sample

220516-xfh6psehfj
MD5

efc5d47f6d5aa4dbd22cd109aa13ac30
SHA1

6427617947cca1dc78c5091dcb2c051ab8d5b949
SHA256

deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
SHA512

0bf945e9f5f84ed82df9d6c160fb495b0f0e121f86e03ee3cd7acad1e0059d914fffde6ea8e3322015aa184792bbd0f9e9f85697ef9a1d06e172b693f839af29

Score

10^/10

hiverat xmrig evasion miner rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62.exe

Resource

win7-20220414-en

hiverat xmrig evasion miner rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62.exe

Resource

win10v2004-20220414-en

hiverat xmrig evasion miner rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
- Size
  
  7.6MB
- MD5
  
  efc5d47f6d5aa4dbd22cd109aa13ac30
- SHA1
  
  6427617947cca1dc78c5091dcb2c051ab8d5b949
- SHA256
  
  deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
- SHA512
  
  0bf945e9f5f84ed82df9d6c160fb495b0f0e121f86e03ee3cd7acad1e0059d914fffde6ea8e3322015aa184792bbd0f9e9f85697ef9a1d06e172b693f839af29
Score

10^/10

hiverat xmrig evasion miner rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- HiveRAT Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- XMRig Miner Payload
  miner
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hiveratxmrigevasionminerratstealer

behavioral2

hiveratxmrigevasionminerratstealer

© 2018-2024

Terms | Privacy