arrowrat | e6fde59ccd2ab23714b2e7f32551226651e8367d459447dae2d9b80a20afbd22 | Triage

Sharing

General

Target

PandoraHVNC.rar
Size

3.8MB
Sample

220926-l479ysbegq
MD5

70642b74435f394d8c7001c4248fbd92
SHA1

685c77def902375c54b4122d0f289e1921346943
SHA256

e6fde59ccd2ab23714b2e7f32551226651e8367d459447dae2d9b80a20afbd22
SHA512

1432200d8cf3c9aab2cbbf03525964b8604268bd60328a8b0346738d8a6d7fc5dc4ee06a19dd0cd619dab1643de842893369683c560e8f3fb92bf37a4cffe428
SSDEEP

98304:0oPStM8K1DMidjhf27SjvqBYw5CEU1Lyohkc+u5UiXGxTQ:iZ+ZRBjvQZkEU1LyohUo/XGxTQ

Score

10^/10

arrowrat client name agilenet

Malware Config

Extracted

Family

arrowrat

Botnet

Client Name

C2

127.0.0.1:1337

Mutex

Mutex

Targets

- Target
  
  PandoraHVNC/PandorahVNC - Cracked By BoBhitBine.exe
- Size
  
  5.1MB
- MD5
  
  4c3338c73014a5fd124c4b5b1538e80f
- SHA1
  
  d6058fca565ef43355999ba3a42f7e26dcf9e495
- SHA256
  
  4ac535cf37a71be57dacd5677b09efd8bb216eb77e467313426e2edbf1600ab1
- SHA512
  
  00c61a16e2f5ecb00c9037410d316a53bd97cd654cca4272faf71c29a060f525d53f279c273daa8d79f44ff1e6c778e4870c342a5eb40fe48054481796abdfde
- SSDEEP
  
  98304:6HB41DSe6NtONC25oD83lB41N+CIw6Se6Nt9C25o:6ADSe6PONC2K83KN+CIw6Se6P9C2
Score

7^/10

agilenet
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2 behavioral3
- Target
  
  PandoraHVNC/builder/Pandora Client Builder.exe
- Size
  
  5.0MB
- MD5
  
  3716185e55790072076a961fa9629ab8
- SHA1
  
  df8e3cc0ba2dc454e254d96534483ef23b805d53
- SHA256
  
  0737fc32aafdc1b6cc12efd32581e0a208c84d5760ab2d77c3c525d34fe333a6
- SHA512
  
  05d94fc3d6a097293c396e276032a77cd07a73358c9cd1b17839b946a8f554ef0c91a198ffb758d220de475ead01d10cf0109379e62c7e6be4112b62a19dcf75
- SSDEEP
  
  49152:tOUthyZ67WMAxUrgK7c80IirMPr2/3xv3m:vt2j1+dcxIiWr2g
Score

1^/10
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Matrix

Tasks

static1

agilenetclient namearrowrat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6