hiverat | ad19a319f0d4a6be92f09a8525bcd769dfebfc1bbb79ecb2fe278ed5364e568b | Triage

Submit
Reports

Overview

overview

Static

static

IMG_INTE.exe

windows7_x64

IMG_INTE.exe

windows10-2004_x64

Sharing

General

Target

ad19a319f0d4a6be92f09a8525bcd769dfebfc1bbb79ecb2fe278ed5364e568b
Size

1.2MB
Sample

220521-by6ttscga4
MD5

d49fbc9dd708b8775fb0d392622f1c24
SHA1

435ff1e2ed3ab3c670e1692a6037dad9ffea4d70
SHA256

ad19a319f0d4a6be92f09a8525bcd769dfebfc1bbb79ecb2fe278ed5364e568b
SHA512

464de261c6bd8bea1f8e48d8762fdda302918410c6df0495acab932dc2bf5e40a2e90967b0818af2a633aaa9725c8562793627c0286b19b515f0686944f07d31

Score

10^/10

hiverat agilenet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

IMG_INTE.exe

Resource

win7-20220414-en

hiverat agilenet persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG_INTE.exe

Resource

win10v2004-20220414-en

hiverat persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  IMG_INTE.EXE
- Size
  
  713KB
- MD5
  
  af83e45292be69defcde71a4ff87ed5e
- SHA1
  
  d6fd4bd24923e2ba57d86117fd27d7248e84d3e1
- SHA256
  
  bf0d1bf23351a82eddca116c85801b4d1bbe328933e729c735226f9563432544
- SHA512
  
  08304dbe701ba59acf10f90ad5f3bfa9e0123c7caf9596659de139302c185d3fa2238b26bac6bd7fa64f92de8d57bf07766b2ba599b2137a88e4e42c5a4f6c03
Score

10^/10

hiverat agilenet persistence rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hiveratagilenetpersistenceratstealer

behavioral2

hiveratpersistenceratstealer

© 2018-2024

Terms | Privacy