hiverat | ddb95e81345469771c505272274d21eb2e317ed8c46e0b679362df7cbf52ba6c | Triage

Submit
Reports

Overview

overview

Static

static

a57c882289...1a.exe

windows7_x64

a57c882289...1a.exe

windows10-2004_x64

Resubmissions

07-07-2022 07:37

220707-jfvmvafbem 10

09-12-2020 10:28

201209-grdfth2a4s 9

Sharing

General

Target

a57c8822899013c8d0bbd87b4c36821a.exe
Size

341KB
Sample

220707-jfvmvafbem
MD5

a57c8822899013c8d0bbd87b4c36821a
SHA1

54da561ef6e0d2c368aca185ee828d67543fbf9e
SHA256

ddb95e81345469771c505272274d21eb2e317ed8c46e0b679362df7cbf52ba6c
SHA512

e070796a826d125787f875a587ada069799507f6fe842f05c5963d9080ee255b5a2d7097f996cfb19f9b08120beb6b47f722e17d3818ee09accdc5ae3354d247

Score

10^/10

hiverat rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

a57c8822899013c8d0bbd87b4c36821a.exe

Resource

win7-20220414-en

hiverat rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a57c8822899013c8d0bbd87b4c36821a.exe

Resource

win10v2004-20220414-en

hiverat rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a57c8822899013c8d0bbd87b4c36821a.exe
- Size
  
  341KB
- MD5
  
  a57c8822899013c8d0bbd87b4c36821a
- SHA1
  
  54da561ef6e0d2c368aca185ee828d67543fbf9e
- SHA256
  
  ddb95e81345469771c505272274d21eb2e317ed8c46e0b679362df7cbf52ba6c
- SHA512
  
  e070796a826d125787f875a587ada069799507f6fe842f05c5963d9080ee255b5a2d7097f996cfb19f9b08120beb6b47f722e17d3818ee09accdc5ae3354d247
Score

10^/10

hiverat rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- HiveRAT Payload
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hiveratratstealer

behavioral2

hiveratratstealer

© 2018-2024

Terms | Privacy