Extracted

• • Target

    Client.exe

  • Size

    158KB

  • MD5

    c45efc7859477f21053f9aceed75ee2e

  • SHA1

    f6131ecbb660b1dc6807f5136535f56ec624a894

  • SHA256

    612279d12e8d9d25ad3de6d0322cb0e03047fcbda29c7753f761ca1dea2ef36d

  • SHA512

    67947148c26ac305047d348dc2cfdb793c4ffd76e383044b6babd61f595a2662e916bee6ffa31529be1eb2b7278dc4aa76c39bd957257c1131551623548e601c

  • SSDEEP

    3072:dbR1+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPJ8a8Y:dbRY0ODhTEPgnjuIJzo+PPcfPJ8

  Score

  10^/10

  arrowratasyncratclientpersistenceratspywarestealer

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat

  • Async RAT payload

    rat

  • Executes dropped EXE

  • Modifies Installed Components in the registry

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1