hiverat | 0dedc8d99e368addcf1950fd4656b8c95800210b2b5e152880634aaa37c27c81 | Triage

Submit
Reports

Overview

overview

Static

static

5

Slip_063b22.exe

windows7-x64

Slip_063b22.exe

windows10-2004-x64

Sharing

General

Target

Slip_063b22.txt
Size

2.5MB
Sample

220902-r6b77aaaf3
MD5

9fc63544f95d6597481b2ad968d956bd
SHA1

99a6b796833db909cff3d3d8678652216c9b9bd4
SHA256

0dedc8d99e368addcf1950fd4656b8c95800210b2b5e152880634aaa37c27c81
SHA512

a64d99e979e2e12ebe5a3fe03234d4b4f60c089922ead4906c3cd61eb4be04e485d0959e34bc237add4c12dfbaf4d946b1953ce0d3539f8fc61902601bd06713
SSDEEP

49152:+w80cTsjkWaFsWTfnmxsD8+sjYlaMx7WB/udhrWzBVb:D8sjkWkmSiYlnx6Fud9Wz

Score

10^/10

hiverat rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Slip_063b22.exe

Resource

win7-20220812-en

hiverat rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Slip_063b22.exe

Resource

win10v2004-20220812-en

hiverat rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Slip_063b22.txt
- Size
  
  2.5MB
- MD5
  
  9fc63544f95d6597481b2ad968d956bd
- SHA1
  
  99a6b796833db909cff3d3d8678652216c9b9bd4
- SHA256
  
  0dedc8d99e368addcf1950fd4656b8c95800210b2b5e152880634aaa37c27c81
- SHA512
  
  a64d99e979e2e12ebe5a3fe03234d4b4f60c089922ead4906c3cd61eb4be04e485d0959e34bc237add4c12dfbaf4d946b1953ce0d3539f8fc61902601bd06713
- SSDEEP
  
  49152:+w80cTsjkWaFsWTfnmxsD8+sjYlaMx7WB/udhrWzBVb:D8sjkWkmSiYlnx6Fud9Wz
Score

10^/10

hiverat rat stealer
- HiveRAT
  HiveRAT is an improved version of FirebirdRAT with various capabilities.
  rat stealer hiverat
- HiveRAT payload
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hiveratratstealer

behavioral2

hiveratratstealer

© 2018-2024

Terms | Privacy