is a Remote Access Trojan (RAT) and information stealer first reported in mid-2020. It is often distributed as an archive (e.g., HIVERAT.rar ) or disguised as a "cracked" version of legitimate software. Type: Remote Access Trojan (RAT) / Stealer Platform: Windows (.NET based) Key Capability: Full remote control and credential theft Risk Level: High (Allows complete system compromise) 🔍 Technical Analysis 1. Delivery & Execution
May modify autorun registry keys to ensure it launches every time the computer restarts. 3. Network Activity (C2) HIVERAT.rar
Reads the computer name and system information to identify the target. is a Remote Access Trojan (RAT) and information
Includes features for monitoring the victim's desktop and keyboard activity. Delivery & Execution May modify autorun registry keys
HiveRAT communicates with a Command and Control (C2) server to receive instructions and exfiltrate stolen data. Security tools have identified specific signatures for HiveRAT's C2 traffic. Indicators of Compromise (IoCs) HIVERAT.rar or HiveRAT Cracked.exe Behaviors: Writing new executables to temporary folders.
New, suspicious entries in the Windows folder or Registry Run keys. 🛠️ Mitigation & Safety If you have encountered this file: Do not extract or run the contents of the archive. Quarantine/Delete the file immediately. Run a Full Scan with a reputable antivirus provider.
I can provide more specific details if you have a of your specific sample or if you'd like to see a list of common file paths it uses for persistence. Would you like a list of detection rules (like Sigma or Yara) for this threat? New Families and Detection Updates - Hatching Triage