hiverat | 84e2088ea38d600fd562925b840117483cf4683573e92106c23c19bdfae2f878 | Triage

Submit
Reports

Overview

overview

Static

static

Booking Co...DF.exe

windows7_x64

Booking Co...DF.exe

windows10-2004_x64

Resubmissions

07-07-2022 07:38

220707-jgwxasfbgj 10

06-11-2020 17:38

201106-dv6jg3j51e 8

Sharing

General

Target

Booking Confirmation 110492024951 - copy - PDF.exe
Size

783KB
Sample

220707-jgwxasfbgj
MD5

f867516ec5e600fb4af968c71b9a2a80
SHA1

701970eb6a98cbc8661562155796f0491cf36efe
SHA256

84e2088ea38d600fd562925b840117483cf4683573e92106c23c19bdfae2f878
SHA512

d694a4898a7bca9aa1f9bfa20ca38c2768a608afc80b8dfa9a7bbbdc0740f7bab7514813530cec3ea66ce2b89cb916fcbbc94214d4859b8c98742e08ef486c41

Score

10^/10

hiverat persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

Booking Confirmation 110492024951 - copy - PDF.exe

Resource

win7-20220414-en

hiverat persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Booking Confirmation 110492024951 - copy - PDF.exe

Resource

win10v2004-20220414-en

hiverat persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Booking Confirmation 110492024951 - copy - PDF.exe
- Size
  
  783KB
- MD5
  
  f867516ec5e600fb4af968c71b9a2a80
- SHA1
  
  701970eb6a98cbc8661562155796f0491cf36efe
- SHA256
  
  84e2088ea38d600fd562925b840117483cf4683573e92106c23c19bdfae2f878
- SHA512
  
  d694a4898a7bca9aa1f9bfa20ca38c2768a608afc80b8dfa9a7bbbdc0740f7bab7514813530cec3ea66ce2b89cb916fcbbc94214d4859b8c98742e08ef486c41
Score

10^/10

hiverat persistence rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hiveratpersistenceratstealer

behavioral2

hiveratpersistenceratstealer

© 2018-2024

Terms | Privacy