General

  • Target

    Slip_063b22.txt

  • Size

    2.5MB

  • Sample

    220902-r6b77aaaf3

  • MD5

    9fc63544f95d6597481b2ad968d956bd

  • SHA1

    99a6b796833db909cff3d3d8678652216c9b9bd4

  • SHA256

    0dedc8d99e368addcf1950fd4656b8c95800210b2b5e152880634aaa37c27c81

  • SHA512

    a64d99e979e2e12ebe5a3fe03234d4b4f60c089922ead4906c3cd61eb4be04e485d0959e34bc237add4c12dfbaf4d946b1953ce0d3539f8fc61902601bd06713

  • SSDEEP

    49152:+w80cTsjkWaFsWTfnmxsD8+sjYlaMx7WB/udhrWzBVb:D8sjkWkmSiYlnx6Fud9Wz

Score
10/10

Targets

    • HiveRAT

      HiveRAT is an improved version of FirebirdRAT with various capabilities.

    • HiveRAT payload

    • Drops startup file

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
