arrowrat | 9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43 | Triage

Submit
Reports

Overview

overview

Static

static

client.bin.exe

windows7-x64

client.bin.exe

windows10-2004-x64

Sharing

General

Target

client.bin.exe
Size

144KB
Sample

221021-halx3sfffl
MD5

f4fdcb900e7af47100ac9e46945fbd55
SHA1

c1d235a9a2cae8d5a8d4f6ceb4eab9417e1b1fb2
SHA256

9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43
SHA512

236eef98d4695a5e1224a87a1dc598639e5c49f6dd192a96cc1b9f8305faa57078deb62d73906a33ba1c1fac4fa5ccc5f344a0f196dbba718b76a36667984ac2
SSDEEP

3072:Bsp9iv+DYM5ob0HGNSKsstcnZTJQDgWPaySsdH5boWz:Op9iTMSb0mgKFcQjhdH

Score

10^/10

arrowrat asyncrat %group%persistence rat

Static task

static1

rat %group%asyncrat arrowrat

3 signatures

Behavioral task

behavioral1

Sample

client.bin.exe

Resource

win7-20220812-en

arrowrat asyncrat %group%persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

client.bin.exe

Resource

win10v2004-20220901-en

arrowrat asyncrat %group%persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  client.bin.exe
- Size
  
  144KB
- MD5
  
  f4fdcb900e7af47100ac9e46945fbd55
- SHA1
  
  c1d235a9a2cae8d5a8d4f6ceb4eab9417e1b1fb2
- SHA256
  
  9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43
- SHA512
  
  236eef98d4695a5e1224a87a1dc598639e5c49f6dd192a96cc1b9f8305faa57078deb62d73906a33ba1c1fac4fa5ccc5f344a0f196dbba718b76a36667984ac2
- SSDEEP
  
  3072:Bsp9iv+DYM5ob0HGNSKsstcnZTJQDgWPaySsdH5boWz:Op9iTMSb0mgKFcQjhdH
Score

10^/10

arrowrat asyncrat %group%persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rat%group%asyncratarrowrat

behavioral1

arrowratasyncrat%group%persistencerat

behavioral2

arrowratasyncrat%group%persistencerat

© 2018-2025

Terms | Privacy