Resubmissions

27-09-2022 18:23

220927-w1p93sebd2 10

General

  • Target

    PandoraHVNC.rar

  • Size

    3.8MB

  • Sample

    220927-w1p93sebd2

  • MD5

    70642b74435f394d8c7001c4248fbd92

  • SHA1

    685c77def902375c54b4122d0f289e1921346943

  • SHA256

    e6fde59ccd2ab23714b2e7f32551226651e8367d459447dae2d9b80a20afbd22

  • SHA512

    1432200d8cf3c9aab2cbbf03525964b8604268bd60328a8b0346738d8a6d7fc5dc4ee06a19dd0cd619dab1643de842893369683c560e8f3fb92bf37a4cffe428

  • SSDEEP

    98304:0oPStM8K1DMidjhf27SjvqBYw5CEU1Lyohkc+u5UiXGxTQ:iZ+ZRBjvQZkEU1LyohUo/XGxTQ

Malware Config

Extracted

  • Family

    arrowrat

  • Botnet

    Client Name

  • C2

    127.0.0.1:1337

  • Mutex

    Mutex

Targets

    • Target

      PandoraHVNC/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      aca7f1ca2525160b85404e638732bd87

    • SHA1

      612b5fa896871ee2f8f5710ac4bc63701cb96e4f

    • SHA256

      bf7fd5efcd54d00bfda76187cb3f04dd36bb38d9b36b505e1493cffb7a7f3d9e

    • SHA512

      dbf6624da29167ac67ef8e2fbfa1a350f00f850a1c029fe427d54ddbc3299331633ee8e1c076cd54ff02fa219fbe9ab0397e89c1a32d502ccdd150df55e25ae3

    • SSDEEP

      49152:tvU6fD73waJnBA5lV8jldVmIgA5iKOvhn:tvU6vznglEldVmIJi/vt

    • Score

      1/10

    • Target

      PandoraHVNC/PandorahVNC - Cracked By BoBhitBine.exe

    • Size

      5.1MB

    • MD5

      4c3338c73014a5fd124c4b5b1538e80f

    • SHA1

      d6058fca565ef43355999ba3a42f7e26dcf9e495

    • SHA256

      4ac535cf37a71be57dacd5677b09efd8bb216eb77e467313426e2edbf1600ab1

    • SHA512

      00c61a16e2f5ecb00c9037410d316a53bd97cd654cca4272faf71c29a060f525d53f279c273daa8d79f44ff1e6c778e4870c342a5eb40fe48054481796abdfde

    • SSDEEP

      98304:6HB41DSe6NtONC25oD83lB41N+CIw6Se6Nt9C25o:6ADSe6PONC2K83KN+CIw6Se6P9C2

    • Score

      7/10

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      PandoraHVNC/builder/Pandora Client Builder.exe

    • Size

      5.0MB

    • MD5

      3716185e55790072076a961fa9629ab8

    • SHA1

      df8e3cc0ba2dc454e254d96534483ef23b805d53

    • SHA256

      0737fc32aafdc1b6cc12efd32581e0a208c84d5760ab2d77c3c525d34fe333a6

    • SHA512

      05d94fc3d6a097293c396e276032a77cd07a73358c9cd1b17839b946a8f554ef0c91a198ffb758d220de475ead01d10cf0109379e62c7e6be4112b62a19dcf75

    • SSDEEP

      49152:tOUthyZ67WMAxUrgK7c80IirMPr2/3xv3m:vt2j1+dcxIiWr2g

    • Score

      1/10

    • Target

      PandoraHVNC/builder/Stub/client.bin

    • Size

      158KB

    • MD5

      84c7dfc6c975fb3391adf8fd27e0dfae

    • SHA1

      cb793feddca0194a5c011a2a5e581ab2510c0035

    • SHA256

      b4f1b5a47175722b1a9230b934c227dc6b6a06bb5d8e6d0713bbaec35c34a44e

    • SHA512

      c250948d2f5cce26de34083d8d5051a10f90b070aab7ddb187934c9caaab7067725e822108444a4acc3bb64dc730efca5877446ff7a34ea5443042f68215f279

    • SSDEEP

      3072:Wbh0gAyRWW+0OMmlxvTltwLpBTkgIDeGIl3WNSmNJR1GddKqeCgqVbbp/YouwJbB:Wbh0LL0OrdltyB7dWY0J6ddKwpgouYn8

    • ArrowRat

      Remote access tool with various capabilities first seen in late 2021.
