Overview

overview

10

Static

static

10

bb46e6aad5...d7.exe

windows7_x64

10

bb46e6aad5...d7.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7

  • Size

    444KB

  • Sample

    220524-x9vftsaefm

  • MD5

    3345d81272159ef8f2e837c836da04e3

  • SHA1

    c073b1f55f53472efa4b3e0afc2399d0ec73eead

  • SHA256

    bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7

  • SHA512

    2de3e07219c4f4f7fd2f0787ca626a9a33f56e01e936f7a44275984c3021e73634d5cf30e250c7a632059bbfecdc8049316b959898a372ae3c598e5252fdcef4

Score
10/10
hiveratpersistenceratstealer

Malware Config

Targets

    • Target

      bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7

    • Size

      444KB

    • MD5

      3345d81272159ef8f2e837c836da04e3

    • SHA1

      c073b1f55f53472efa4b3e0afc2399d0ec73eead

    • SHA256

      bb46e6aad59864e3e4826189809c7fdb8a449f69817723ff2039147e3ec020d7

    • SHA512

      2de3e07219c4f4f7fd2f0787ca626a9a33f56e01e936f7a44275984c3021e73634d5cf30e250c7a632059bbfecdc8049316b959898a372ae3c598e5252fdcef4

    Score
    10/10
    hiveratpersistenceratstealer

    • HiveRAT

      HiveRAT is an improved version of FirebirdRAT with various capabilities.

      ratstealerhiverat

    • HiveRAT Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks