General
-
Target
Stub.exe
-
Size
155KB
-
Sample
221010-t3ng6acef4
-
MD5
27055f0656283c1bcdafec2beeee39d5
-
SHA1
06947c8acfcc7fa067e761ba76d2ef250fba97ad
-
SHA256
fb48bb91678c696679b72b046aa24ecddb98c4ccf65d068393cdb722cdba8caa
-
SHA512
0ae5ed68882e75ed59ecf0cccd3cfaf7ae40add418416bdc5659b02bac33c872884ccd63d6be7912ba976af6e8ae4e5ee09937afcf8b23d8675b40f8ff7447cc
-
SSDEEP
3072:zbRH2+0nmBELlEGXsy1UvVeB04aIcwIlq3Ttmbo868Y:zbRL0nNJn8y+VeBO9l0TtmboT8
Malware Config
Extracted
arrowrat
Client
pdra.duckdns.org:5788
VtREmXzYA
Targets
-
-
Target
Stub.exe
-
Size
155KB
-
MD5
27055f0656283c1bcdafec2beeee39d5
-
SHA1
06947c8acfcc7fa067e761ba76d2ef250fba97ad
-
SHA256
fb48bb91678c696679b72b046aa24ecddb98c4ccf65d068393cdb722cdba8caa
-
SHA512
0ae5ed68882e75ed59ecf0cccd3cfaf7ae40add418416bdc5659b02bac33c872884ccd63d6be7912ba976af6e8ae4e5ee09937afcf8b23d8675b40f8ff7447cc
-
SSDEEP
3072:zbRH2+0nmBELlEGXsy1UvVeB04aIcwIlq3Ttmbo868Y:zbRL0nNJn8y+VeBO9l0TtmboT8
Score10/10-
ArrowRat
Remote access tool with various capabilities first seen in late 2021.
-
Modifies Installed Components in the registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-