General

  • Target

    d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2

  • Size

    409KB

  • Sample

    220824-rwz69sefbj

  • MD5

    3aca4d9a22354045ff6fdcd0e666c585

  • SHA1

    66f89e387b82cdba9f33c9120bd9062ec49626b1

  • SHA256

    d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2

  • SHA512

    49e58b10b708a0e6c50c93d54b0c3ee20afb2f04ccbde3879964bc134e7acf5deaeb3a3ed49db2b295f5eb63b9cc36f4dda91523ad9004a4a2f9d75dd1311b9c

  • SSDEEP

    12288:s2oYr2iNix8e9TUUncNqJ8F2DbboP6252WjQYT:s2oYr1kxf9TUU1i4Hk64djt

Malware Config

Extracted

Family

arrowrat

Botnet

CSCXMG

C2

185.143.223.73:1338

Mutex

584MAK
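The extracted config is only useful once it is matched against telemetry. The Python below is an added example, not part of the Triage report or the ArrowRat sample: it takes the C2 address, mutex and file hashes from this page and runs them over a handful of constructed key=value log records. The record format, the process IDs, the svc.exe and invoice.exe paths and the non-C2 addresses are assumptions made for the example.

```python
import re
from collections import Counter

# Indicators copied from the extracted config and hash block of this report.
C2_HOST = "185.143.223.73"
C2_PORT = 1338
MUTEX = "584MAK"
SAMPLE_HASHES = {
    "d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2",  # SHA256
    "66f89e387b82cdba9f33c9120bd9062ec49626b1",                          # SHA1
    "3aca4d9a22354045ff6fdcd0e666c585",                                  # MD5
}

# Constructed records in a simplified "key=value" format (not real telemetry).
SAMPLE_LOGS = [
    r"type=netconn pid=4120 image=C:\Users\u\AppData\Roaming\svc.exe dst=185.143.223.73 dport=1338 proto=tcp",
    r"type=netconn pid=888 image=C:\Program Files\Mozilla Firefox\firefox.exe dst=185.143.223.73 dport=443 proto=tcp",
    r"type=netconn pid=4120 image=C:\Users\u\AppData\Roaming\svc.exe dst=93.184.216.34 dport=80 proto=tcp",
    r"type=mutex pid=4120 name=584MAK",
    r"type=mutex pid=700 name=Global\MSCTF.Asm.MutexDefault1",
    r"type=filehash pid=4120 path=C:\Users\u\Downloads\invoice.exe sha256=d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2",
]

# A value runs until the next " key=" or end of line, so paths containing spaces survive.
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_record(line):
    """Turn one key=value record into a dict."""
    return dict(KV_RE.findall(line))


def match_record(rec):
    """Return (rule, confidence) when the record hits an ArrowRat indicator, else None."""
    kind = rec.get("type")
    if kind == "netconn" and rec.get("dst") == C2_HOST:
        # The exact IP:port from the config is high confidence; the IP alone on
        # another port may be a different tenant or service on a shared host.
        if rec.get("dport") == str(C2_PORT):
            return ("arrowrat_c2_ip_port", "high")
        return ("arrowrat_c2_ip_only", "medium")
    if kind == "mutex" and rec.get("name") == MUTEX:  # mutex names are case-sensitive
        return ("arrowrat_mutex", "high")
    if kind == "filehash":
        seen = {rec.get(h, "").lower() for h in ("sha256", "sha1", "md5")}
        if seen & SAMPLE_HASHES:
            return ("arrowrat_sample_hash", "high")
    return None


def scan(lines):
    """Return one hit dict per matching record, in input order."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        m = match_record(rec)
        if m:
            hits.append({
                "rule": m[0],
                "confidence": m[1],
                "pid": rec.get("pid"),
                "image": rec.get("image", rec.get("path")),
                "line": line,
            })
    return hits


def hits_per_pid(hits):
    """Processes with several distinct indicators are the ones to pull first."""
    return Counter(h["pid"] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f"[{h['confidence']:>6}] {h['rule']:<24} pid={h['pid']} {h['image']}")
    print(hits_per_pid(found))
```

The medium-confidence rule exists because a bare IP is a weaker indicator than the IP:port pair the config gives; a browser connecting to the same host on 443 deserves a look, not an automatic verdict.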

Targets

    • Target

      d629910646ed027d268ead062571a8d1a9033c03214112116194c70eae986df2


    • ArrowRat

      ArrowRat is a commodity remote access trojan first seen in late 2021; the extracted config above supplies its C2 endpoint, botnet ID and mutex, which are the indicators to hunt on.

    • Looks for VirtualBox Guest Additions in registry

      Presence of the Guest Additions key identifies a VirtualBox guest. This and the following check are used to detect analysis VMs and alter behaviour or exit.

    • Looks for VMWare Tools registry key

      Presence of the VMware Tools key identifies a VMware guest.

    • Modifies Installed Components in the registry

      Writing under Active Setup's Installed Components is a persistence technique: a component's StubPath command is run once for each user at their next logon.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing: a process is created suspended, its image is replaced with the payload, and the main thread's context is redirected to the new entry point before it is resumed.
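The behaviour list maps to two things a practitioner can act on: the registry artefacts the sample inspects to recognise a VM (worth masking in any analysis environment), and the Active Setup write it uses to survive reboots (worth alerting on). The Python below is an added example, not code from Triage or from the sample. The registry paths are the well-known locations these checks target; the report does not say which exact keys or values this sample read or wrote. The registry snapshot, the Sysmon-style events, the svc.exe path and the component GUIDs are constructed for the example.

```python
import re

# Substrings that identify common hypervisors in BIOS, device and disk strings.
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs", "virtual")

# Registry locations the anti-VM signatures refer to (well-known targets, not
# taken from the report). None = mere presence of the key is the giveaway;
# a tuple = inspect the value data for those markers.
VM_ARTIFACTS = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": None,         # VirtualBox Guest Additions
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": None,                 # VMware Tools
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": VM_MARKERS,             # BIOS information
    r"HKLM\HARDWARE\DESCRIPTION\System": VM_MARKERS,                  # SystemBiosVersion / VideoBiosVersion
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": VM_MARKERS,  # drives mapped from the registry
}

# Constructed snapshot of an unhardened VirtualBox guest: {key: {value_name: data}}.
CONSTRUCTED_SNAPSHOT = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": {"Version": "6.1.36"},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
        "BIOSVendor": "innotek GmbH",
    },
    r"HKLM\HARDWARE\DESCRIPTION\System": {"VideoBiosVersion": "Oracle VM VirtualBox VBE BIOS"},
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": {
        "0": r"SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1b7c6ea5&0&000000",
    },
}


def vm_artifacts_exposed(snapshot):
    """Return (key, value_name, data) for every artefact that would let the sample
    conclude it runs in a VM; value_name and data are None for presence-only keys."""
    found = []
    for key, markers in VM_ARTIFACTS.items():
        if key not in snapshot:
            continue
        if markers is None:
            found.append((key, None, None))
            continue
        for name, data in snapshot[key].items():
            if any(m in str(data).lower() for m in markers):
                found.append((key, name, data))
    return found


# Active Setup: each component's StubPath runs once per user at their next logon.
ACTIVE_SETUP_STUBPATH = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$",
    re.IGNORECASE,
)
TRUSTED_IMAGE_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed Sysmon EventID 13 (RegistryEvent SetValue) shaped records; GUIDs are made up.
CONSTRUCTED_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0F3D2C4B-5A6E-4B7C-8D9E-1F2A3B4C5D6E}\StubPath",
     "Details": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7A1B2C3D-4E5F-4A6B-9C8D-0E1F2A3B4C5D}\Version",
     "Details": "1,0,0,1"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7A1B2C3D-4E5F-4A6B-9C8D-0E1F2A3B4C5D}\StubPath",
     "Details": r"C:\Program Files\Example\peruser.exe /install"},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\u\AppData\Roaming\svc.exe"},
]


def active_setup_writes(events):
    """Return (event, severity) for StubPath writes. Writes from images outside the
    Windows and Program Files trees are 'high'; installers legitimately register
    Active Setup components too, so those come back as 'low' for review."""
    out = []
    for e in events:
        if e.get("EventID") != 13 or not ACTIVE_SETUP_STUBPATH.match(e.get("TargetObject", "")):
            continue
        severity = "low" if e.get("Image", "").lower().startswith(TRUSTED_IMAGE_PREFIXES) else "high"
        out.append((e, severity))
    return out


if __name__ == "__main__":
    for key, name, data in vm_artifacts_exposed(CONSTRUCTED_SNAPSHOT):
        print(f"exposed: {key} {name or ''} {data or ''}".rstrip())
    for e, sev in active_setup_writes(CONSTRUCTED_EVENTS):
        print(f"[{sev}] {e['Image']} -> {e['TargetObject']}")
```

Sysmon records registry writes, not reads, so the VM checks themselves leave no event; the snapshot audit is for hardening the sandbox, while the StubPath rule is what fires on the persistence step. The fourth constructed event, a Run key write, is deliberately not matched: it is a different persistence mechanism and not one of this report's signatures.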

MITRE ATT&CK Enterprise v6
