hiverat | bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7 | Triage

Submit
Reports

Overview

overview

Static

static

bb46e6aad5...d7.exe

windows7_x64

bb46e6aad5...d7.exe

windows10-2004_x64

Sharing

General

Target

bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7
Size

444KB
Sample

220524-x9vftsaefm
MD5

3345d81272159ef8f2e837c836da04e3
SHA1

c073b1f55f53472efa4b3e0afc2399d0ec73eead
SHA256

bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7
SHA512

2de3e07219c4f4f7fd2f0787ca626a9a33f56e01e936f7a44275984c3021e73634d5cf30e250c7a632059bbfecdc8049316b959898a372ae3c598e5252fdcef4

Score

10^/10

hiverat persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7.exe

Resource

win7-20220414-en

hiverat persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7.exe

Resource

win10v2004-20220414-en

hiverat persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7
- Size
  
  444KB
- MD5
  
  3345d81272159ef8f2e837c836da04e3
- SHA1
  
  c073b1f55f53472efa4b3e0afc2399d0ec73eead
- SHA256
  
  bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7
- SHA512
  
  2de3e07219c4f4f7fd2f0787ca626a9a33f56e01e936f7a44275984c3021e73634d5cf30e250c7a632059bbfecdc8049316b959898a372ae3c598e5252fdcef4
Score

10^/10

hiverat persistence rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hiveratpersistenceratstealer

behavioral2

hiveratpersistenceratstealer

© 2018-2024

Terms | Privacy