General
Target: bin.exe
Size: 373KB
MD5: d9e247df13e357c75a900eb0eee162b0
SHA1: 1b35df8dc92cbac67a176e8e11a841aa80a43e6f
SHA256: 7fe99ef31eea4b782b70873523f7735757b51e6ed9e1841364066764883786cb
SHA512: 25d792771eab63be35e7a4abf58f2a37ca9190ca0932b6d8079e2dfa64ba354d0317989f3b5eb96258c7be1ac36591f13ddc46caccf86c56336f4df921c68abb
SSDEEP: 6144:HdOxcw4siPz0Rlzby1HehUsJ7/hgUvjUhVfjzby1HehU:HQLiPz0RlKRmthFYVfjKR
Malware Config
Signatures
- HiveRAT payload (1 IoCs)
  resource yara_rule sample family_hiverat
- Hiverat family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource bin.exe
Files
-
bin.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bed Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ