hiverat | 4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454 | Triage

Submit
Reports

Overview

overview

Static

static

GAMESPOR.exe

windows7_x64

GAMESPOR.exe

windows10-2004_x64

Sharing

General

Target

4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454
Size

1.2MB
Sample

220521-dm1vjsfhh3
MD5

f1db0a2cf6c9d7698bad49f9bd619525
SHA1

8f395ce41c719a572ac0070dcc52d1900af6667b
SHA256

4037e5b24219d7adaa936d19be9d0d7b2c42385ff8242e011a9aa02094d24454
SHA512

84cc6dd33fad952ef5801309d9d9fd9786ac7933fc78035538565f69a85dc5f4a4098b03e5db35d0a774b28986375d07744f010a1c5de317425d5357f28368f3

Score

10^/10

hiverat rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

GAMESPOR.exe

Resource

win7-20220414-en

hiverat rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GAMESPOR.exe

Resource

win10v2004-20220414-en

hiverat rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  GAMESPOR.EXE
- Size
  
  719KB
- MD5
  
  5d6b01b87783fd49b95ee6570c69ad19
- SHA1
  
  de96bc61f52d5d7f790d84ab6ad54ae178211c2d
- SHA256
  
  a25220d36761cb66dd0802e6bc007a963f4d6caea2f1cba85b078171766d6311
- SHA512
  
  afb9a8b288f5e4775949968d531358bf507e0a94a74aa29262cee2b6cee25af13453131b1236e96d55a2387d44aefb8bf1686344d4ae336bea55aa906a62c720
Score

10^/10

hiverat rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hiveratratstealer

behavioral2

hiveratratstealer

© 2018-2024

Terms | Privacy