Behavioral task: behavioral1
Sample: 2324-140-0x0000000000400000-0x000000000042C000-memory.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 2324-140-0x0000000000400000-0x000000000042C000-memory.exe
Resource: win10v2004-20220812-en

General
Target: 2324-140-0x0000000000400000-0x000000000042C000-memory.dmp
Size: 176KB
MD5: be9bb3085ed5cd7c5e3212addfafabde
SHA1: bb0080502f256430ad450b45a25c1effdb60b953
SHA256: 4e4dcd976d91fa65cc102b3a9a067852c0bfe2c080d46917d311ff46187cfa28
SHA512: dbf724492c5eecd4b3ef79039ff6cf0f11fa282904d489ef7ed51cddeceb9bf9320f59a19fb76c689d0d175127236f040e70b38c0815d6adb6396b5d7d685386
SSDEEP: 3072:ebRH+0O5VbFHexuiCrK0ovzNC0Fie+5cVjvn+sZCh8/QbM768Y:ebRe0OLoxuiCNovpke+cvnOaQJ8

Malware Config
Extracted
arrowrat
Client
65.108.204.97:1337
PreIzXewwN

Signatures
Arrowrat family

Files
2324-140-0x0000000000400000-0x000000000042C000-memory.dmp.exe windows x86
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
  IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 152KB - Virtual size: 151KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ