General
Target: d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2
Size: 409KB
Sample: 220824-rwz69sefbj
MD5: 3aca4d9a22354045ff6fdcd0e666c585
SHA1: 66f89e387b82cdba9f33c9120bd9062ec49626b1
SHA256: d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2
SHA512: 49e58b10b708a0e6c50c93d54b0c3ee20afb2f04ccbde3879964bc134e7acf5deaeb3a3ed49db2b295f5eb63b9cc36f4dda91523ad9004a4a2f9d75dd1311b9c
SSDEEP: 12288:s2oYr2iNix8e9TUUncNqJ8F2DbboP6252WjQYT:s2oYr1kxf9TUU1i4Hk64djt
Static task: static1
Behavioral task: behavioral1
Sample: d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: arrowrat
C2: 185.143.223.73:1338
Other extracted values (reported without a field label): CSCXMG, 584MAK
Targets
Target: d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2
Size: 409KB
MD5: 3aca4d9a22354045ff6fdcd0e666c585
SHA1: 66f89e387b82cdba9f33c9120bd9062ec49626b1
SHA256: d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2
SHA512: 49e58b10b708a0e6c50c93d54b0c3ee20afb2f04ccbde3879964bc134e7acf5deaeb3a3ed49db2b295f5eb63b9cc36f4dda91523ad9004a4a2f9d75dd1311b9c
SSDEEP: 12288:s2oYr2iNix8e9TUUncNqJ8F2DbboP6252WjQYT:s2oYr1kxf9TUU1i4Hk64djt
Score: 10/10
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Modifies Installed Components in the registry
  Active Setup "Installed Components" entries are executed at user logon and are a well-known persistence location.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  SetThreadContext is commonly used to redirect a thread into injected code (for example in process hollowing); the report does not state which process or thread was targeted.
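Reports in this layout are usually read by hand and the hashes and C2 copied into a blocklist. The Python below is an added example, not part of the Triage report or of any Hatching tooling: it parses the report text above (abridged and embedded as a constant) into validated IOCs. It checks each digest for the right length and hex charset, rejects a report whose repeated hashes (General versus Targets) disagree, validates the C2 address and port with `ipaddress`, and attaches each signature's description to its signature. The two configuration values the extractor reports without a label are kept as opaque strings rather than guessed at.

```python
import ipaddress
import re

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$", re.I)
IPPORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
SCORE_RE = re.compile(r"^Score\s*(\d+)\s*/\s*(\d+)")
TASK_HEADERS = ("Static task", "Behavioral task")

# Report text as it appears on the page above, abridged to the fields parsed here.
REPORT = """General
-
Sample
220824-rwz69sefbj
MD5
3aca4d9a22354045ff6fdcd0e666c585
SHA256
d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2
Behavioral task
behavioral1
Sample
d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2.exe
Resource
win7-20220812-en
Malware Config
Extracted
arrowrat
CSCXMG
185.143.223.73:1338
584MAK
Targets
SHA256
d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2
Score10/10-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext
"""


def _record_hash(out, algo, value):
    """Reject wrong-length or non-hex digests, and repeats that disagree (Targets repeats General)."""
    if len(value) != HASH_LENGTHS[algo] or not HEX_RE.match(value):
        raise ValueError(f"malformed {algo} digest: {value!r}")
    if out["hashes"].get(algo, value.lower()) != value.lower():
        raise ValueError(f"conflicting {algo} digests in report")
    out["hashes"][algo] = value.lower()


def parse_triage_report(text):
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop blanks and '-' bullet residue
    out = {"hashes": {}, "sample_id": None, "tasks": [], "family": None,
           "c2": [], "config": [], "score": None, "signatures": []}
    section, i = None, 0
    while i < len(lines):
        line = lines[i]
        if m := SCORE_RE.match(line):  # "Score10/10-" on the page
            out["score"], section = (int(m[1]), int(m[2])), "Signatures"
            i += 1
        elif line in TASK_HEADERS:  # header line, task name on the next line
            section = line
            out["tasks"].append({"kind": line, "name": lines[i + 1], "resource": None})
            i += 2
        elif line in ("General", "Malware Config", "Extracted", "Targets"):
            section = line
            i += 1
        elif section == "Signatures":
            # A line ending in a full stop is the description of the preceding signature.
            if line.endswith(".") and out["signatures"]:
                out["signatures"][-1]["description"] = line
            else:
                out["signatures"].append({"name": line, "description": None})
            i += 1
        elif section == "Extracted":
            if out["family"] is None:
                out["family"] = line  # first extracted value is the family name
            elif m := IPPORT_RE.match(line):
                host, port = str(ipaddress.ip_address(m[1])), int(m[2])  # rejects bad octets
                if not 1 <= port <= 65535:
                    raise ValueError(f"bad port in C2 {line!r}")
                out["c2"].append((host, port))
            else:
                out["config"].append(line)  # values the extractor reports without a label
            i += 1
        elif i + 1 < len(lines):  # everything else is a key on one line, value on the next
            key, value = line, lines[i + 1]
            if key in HASH_LENGTHS:
                _record_hash(out, key, value)
            elif key == "Sample" and section == "General":
                out["sample_id"] = value  # under a task, "Sample" is the file name instead
            elif key == "Resource" and out["tasks"]:
                out["tasks"][-1]["resource"] = value
            i += 2
        else:
            i += 1
    return out
```

Call `parse_triage_report(REPORT)` to get a dict with `hashes`, `c2`, `family`, `score` and `signatures`; a malformed or inconsistent digest raises `ValueError` rather than silently producing a bad indicator.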