arrowrat | 929b11e9d778f3fb3753f2bfec104862dd325bd91546afc7dfe15803d1726a13

Sharing

Copy URL

Twitter E-mail

General

Target

VenomRAT.rar
Size

6.8MB
Sample

230227-rnb5gadg8t
MD5

f3ee8c380e07eb30c5f5780bdc23d60e
SHA1

8f55e9f20f4be614cfaf21f001b49c18ee55d173
SHA256

929b11e9d778f3fb3753f2bfec104862dd325bd91546afc7dfe15803d1726a13
SHA512

b10411c97b709d49b71b884e4ded9ff8ac08c8cf4c39d86b859cd9d074d2e1da4cf1f41a35d939700f032f4d11f965e92f423a3ba740af140fbc81e35511b48b
SSDEEP

196608:Qkz5znlJS+E4H5ED0r3uHTtKU3H9kXTkjvANy:t7j1ghKU3d+kjV

Score

10^/10

arrowrat asyncrat %group%agilenet rat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  VenomRAT/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral1 behavioral2
- Target
  
  VenomRAT/Plugins/Audio.dll
- Size
  
  25KB
- MD5
  
  025864d133e416f144030cf22ea9f2c3
- SHA1
  
  6be2cb2454335f0de00799000f65c5cee796c185
- SHA256
  
  1323a7212239513270077e07cb436af721acedb0c21c99b06c163a230baaa50a
- SHA512
  
  ccda6ef9847f89e53adaa637c7f762be22506b8b6bd2a5538b6622c33f3244f9c491e39e7df7512b5edced3d0395e4541b182f7da6a254b8891b9d64d71538b2
- SSDEEP
  
  384:si+z4JdSCmRO5Gw5ZGuC0CWdseXGKfZ0CDzukNpLQ3s6XXLca78nOtX:7zJds45GwRC63lF27AOtX
Score

1^/10
behavioral3 behavioral4
- Target
  
  VenomRAT/Plugins/Chat.dll
- Size
  
  456KB
- MD5
  
  8fc1192cf52f55ed5efb5e12210a37bf
- SHA1
  
  dbcf714d0d9b0fe44bdfe2ee150227c2a0e7c387
- SHA256
  
  dfa246c2763bf5df442a81128b3587f7bf530e4327f631cdd4dd79106738cf31
- SHA512
  
  74603de6069cc6bf02afa5cfc3ba1493240bcb7c74fcbd53219448134b79fb5ebefc1dec61ac4c6a04c56dc6d986887a4a68d87ae1dc07ba6d1d8b8afc9d480c
- SSDEEP
  
  6144:CtBlKJ+p4JX0cZsaB6N83r2y/plBWnxfID/uKNlNQ7fOiLXyCrxO9w+KQqxe/tT:CVKTkcZBB6NKbBWnxfIvNr4siQqx4
Score

1^/10
behavioral5 behavioral6
- Target
  
  VenomRAT/Plugins/Discord.dll
- Size
  
  27KB
- MD5
  
  b591cff18fd7344243cf8a4eca624a65
- SHA1
  
  29f9134bb33d429d27b87e6f2112b6753e1dcae4
- SHA256
  
  6a43095314d5e32db307eef638d2f5afea7dd40ff6acda24fc28ce0c1632cb6a
- SHA512
  
  ae1aa8db37182a4b8ee06249da6304c1c105adf06b2091cf24b3e79ad1d6d1a6eaab12bf059cd86deb04b7084d563a25d5bbef6ddf7857c1a34fc0e0032664fc
- SSDEEP
  
  384:HfzPwa/ppmIwuCfMeSmfbQFFVBdseXG3cGh+JaL6lkSggL5XxXIUdwmuJpSVmlY2:HhGIwhPgh0Jd+5XxjwmuJpSV/I7
Score

1^/10
behavioral7 behavioral8
- Target
  
  VenomRAT/Plugins/Extra.dll
- Size
  
  34KB
- MD5
  
  17db58471bf45715ba46b5af7920d676
- SHA1
  
  0ab236a6d554597dac8fc40fc3e1a29f905c0275
- SHA256
  
  dae673b838de497c1aa8a558d4dd5963d90e8b21538cb0d9adce585ef6fbc915
- SHA512
  
  29432c0d19be6ae8c8ab68ab1a7c4007d502222b329f9a0bfb994427f182028aeeacc199dd27334cdc0adabbdee7a07a3d24826ed67b05711c2370a4b7395265
- SSDEEP
  
  384:0hfLE8JhqmxGhnGOheE6qCtdKudseXG5JN2ahDkz7R3bu6jUwv5YacMvvp8D5K8:wQ8hxGWCkQuMPkv5YdAva9IKqbnMK
Score

1^/10
behavioral10 behavioral9
- Target
  
  VenomRAT/Plugins/FileManager.dll
- Size
  
  34KB
- MD5
  
  dab76ee6ff2548a9bd45c0e582f4d90a
- SHA1
  
  70b0e615c1728aa8198dd4be4899fd883bffa1d9
- SHA256
  
  50f93055604c7418fa0e5536afd0b4d535db752b5e7edf588cbc14c1570613a1
- SHA512
  
  431f38a2b08c5d9f9914a05eca7a32084b3b33d473cedb91904776417c49d8599ec81c905a857a118e8d6b39a200accd14b1c21a35b1faea760084fd75967501
- SSDEEP
  
  384:V/fLIMFZcuWQHBVugXvYhXmovTuC/Jn/KddseXG/htVhD8mouoFFAEFuc0oOJPtp:9pBQ2ovTZ/kdczcFhntYtny1l1E
Score

1^/10
behavioral11 behavioral12
- Target
  
  VenomRAT/Plugins/FileSearcher.dll
- Size
  
  280KB
- MD5
  
  a186a27b6e893b60bf236120a6a329a7
- SHA1
  
  9186d71d524f2716c7ad3e934e134aa68366006e
- SHA256
  
  a91d0552200064646768b1fcd393568ca6144279ef0543aee6a74c4d11c34f49
- SHA512
  
  f5acc60bdcf71eea700af6c6372e68d58cac1008a6fc2850dcde1c59310cb84527725740f646be4a146adde6f0878781101670ce922c3566b34262da857aa847
- SSDEEP
  
  3072:OUI94v0G+OSJqB7OOaJOqX8s28ccc9k16uLWcSCSLeNYcEeI/KQ73WmbaC4nRZkp:YKWOaG4X5S9k1zbB6YF6X
Score

1^/10
behavioral13 behavioral14
- Target
  
  VenomRAT/Plugins/Fun.dll
- Size
  
  36KB
- MD5
  
  e07004ec43ed994b9a11999145f5a43a
- SHA1
  
  00cba09ae5a38dcfdbac1a8cff9cd1fff2c0b3e7
- SHA256
  
  2b25c33a033bdc85ea4db8c3ea89bbfc7d1a1dd80d21a1835bba5672759efdd9
- SHA512
  
  39948577cf0185ffbda3c2757c7fa746e41a169ca7fa0a3718cc564fbbec439b047bc540fbd5ac59908965424ef11f6564d9795b101bfc58656247e76b0c88f5
- SSDEEP
  
  384:T7fLviWK1Xr4GtVmEc6BktslnlrqKQdseXGtrR52bhimwy0Xprnhc4r/f7rpVqKX:fGXFEGtMqS2lnhQk95Z3nhXrLDUCE+
Score

1^/10
behavioral15 behavioral16
- Target
  
  VenomRAT/Plugins/Information.dll
- Size
  
  27KB
- MD5
  
  a7670d3509baa51af6566b93b185b854
- SHA1
  
  2b322b936eea3dd5414efe589acab3cb49dfe9b2
- SHA256
  
  9fbfd1036e579edc9498625e86c45743e4ad8ecf5960f4a87a9402ba1236448f
- SHA512
  
  34999ca9b71de6ed4a3cc99177ee472bf90af9282a095d2cf6b05f17e896f518b46382aee021b540f5422c0997680023206b1281013c468a72116cb646a89882
- SSDEEP
  
  384:BRfL6mS8ayvHxy63m+tDZdseXGEXNhDYLuA7InXxtXciyxVM6d0PALKz9G+mZ9:nBS8x72+1ZTaIn3siOvePALKs+m3
Score

1^/10
behavioral17 behavioral18
- Target
  
  VenomRAT/Plugins/Logger.dll
- Size
  
  28KB
- MD5
  
  3717491f7b1a90aaa5f271ab14147a9b
- SHA1
  
  bced873bf58c79d2787d8ea501e7888b260d36f6
- SHA256
  
  f744c46e4c678d65d9682a0f42dc2b82277ea2d879eeb3d708fb70af2af40a94
- SHA512
  
  c45dae23e4fe7524aba823a834b6882572d4de10034291b81236fe6a44457e4d8fbc935b1d673b6b83260925f76ba1a0ae156eca4626b795f10b1a1e4f327a31
- SSDEEP
  
  384:KyQLebQc3aImZ5mzk2yKajPdseXGLN0phDbuAyso4bNmLaNDNCsQKbQr1jIC8:/i/bbUyPMeBbI1AQ50C8
Score

1^/10
behavioral19 behavioral20
- Target
  
  VenomRAT/Plugins/MessagePackLib.dll
- Size
  
  18KB
- MD5
  
  aff009b639ba8794200e91f7ea8915d9
- SHA1
  
  772ad6e739b1c85e09a3c2e0dc50797a8352ee71
- SHA256
  
  007a50a1275964e14abecc461549ae495147417d601c5900f3105330bb2e4a4f
- SHA512
  
  2f68cf7805c8360d343c97ffd734c7f277e5949b7ca74e2a5a39c821eadc32415bf1c737b9d424003b5040260c9fdf6ae4eeba14378a2f9f8ddcdd23aa42bfc6
- SSDEEP
  
  384:itmuRruSxseXG+PgWuULvlxX/Db1NSChgqz:iUudV/llxd8qz
Score

1^/10
behavioral21 behavioral22
- Target
  
  VenomRAT/Plugins/Miscellaneous.dll
- Size
  
  85KB
- MD5
  
  8ed27058380bfe4ed4b7a761209ad623
- SHA1
  
  4787a6d8d7a55f214d953a37718f942155e800ba
- SHA256
  
  588ed6232c93d2e18a40051b02b6e0b0c2ce252b897667d5c6134166206c7396
- SHA512
  
  c31450e4f33eaee44e59711129ca4c1207724bcbf2f79c39e077589fee0151f123aed8d95ed2ff9519b0faf2fd1befd4ec1aa9f5698c501351124be7711822e1
- SSDEEP
  
  1536:IsOZ2/gahPUvCOco3CVp8inOm3O4pj+amjzTt+IdjEl:IsOZ2juCOnSVpZ3O4pj+aOzdK
Score

1^/10
behavioral23 behavioral24
- Target
  
  VenomRAT/Plugins/Netstat.dll
- Size
  
  27KB
- MD5
  
  f0da85bd2bda4f27567910b80481b920
- SHA1
  
  4363e72fdd4de82b36ba248c899c3bcbb02399be
- SHA256
  
  479371c859f9e18a38b0832cc49b817cbec3970d1820badd5e274a7809afdeea
- SHA512
  
  237020ab90c043b34053eb551c4e2bc8bab1243e545e747e433dbec409caff289c424cc60a3068eeed0a101d3b5181d74bee6f7155b35439193b9ba018396f90
- SSDEEP
  
  384:3VOeeN9i/cmrHm2kRpaeFZFXO4JA2oh93dseXGXh0gReDmYuDeFjSoB4Sk7DEY3:Fci/tGPraU7eWA2oPz3TB4P7R3+V+I
Score

1^/10
behavioral25 behavioral26
- Target
  
  VenomRAT/Plugins/Options.dll
- Size
  
  377KB
- MD5
  
  0fd19be97a94b00e440d14b06449cf92
- SHA1
  
  c0ce1911fe5ddd5d9b9446b16df6c51a555e5415
- SHA256
  
  0460389a3845a271ba5d65b30b66c57458f2373d75aad94e92416d772d06df5d
- SHA512
  
  1049d90236b43a617ee3ede56ed175a39d1bf090ad1469f9edf71d91fdd7267b1aacdd3303a1ead11785aed2bc31dbb9fb1b2f15461cc793c7ab7c8b8f31e9f5
- SSDEEP
  
  6144:50ZHTjm66pzzevOqsdHUIByYF3ykIGL/ec:50x6Jy2TB7UkIS/
Score

1^/10
behavioral27 behavioral28
- Target
  
  VenomRAT/Plugins/ProcessManager.dll
- Size
  
  27KB
- MD5
  
  97a477186db32bb9020166069dbc25bc
- SHA1
  
  bb1eea629845e6adfcc8620eb80027c8ad145942
- SHA256
  
  e7d1a49c2c1ebce3b465f5a97d1771bd7681a263b676b0311a3ad9e58b87e1f9
- SHA512
  
  1e17734ff635b555888e686c5fa6bd8e86568bf45885c407bf2afbb96c95864781cd2274f99322df0d3683b5df504148f941dcc689e50d6b829db5a4f01e021e
- SSDEEP
  
  384:qH5CDlBVSGumXg3eg9cZNvPR11+RIdseXGdR26ZDWl9fEZ5QDGSqunLIJuIeJgnY:qH5Cx2aXQeOkFyiEY7M/Griz2
Score

1^/10
behavioral29 behavioral30
- Target
  
  VenomRAT/Plugins/Recovery.dll
- Size
  
  1.3MB
- MD5
  
  902c646c9cfad54cb1271b8d4db4ce10
- SHA1
  
  96776a4cbe93a5e1a8a4b52a4a03172a27429a59
- SHA256
  
  d446330954f19467b8e8b09b4773781c54292c2a3dbdeab27619baac0664074e
- SHA512
  
  f3c7437888ca312ac5b617d0f574839a740735abfeaf07817e0baa62a372f84f16b932aa4d6ba60e8f040b2ba9a4bc45b2c7ce05a0a1a471a18b5aae17fd3d76
- SSDEEP
  
  24576:31lec1oJ/S8f+I9pADW+mmVrbseOr1Pr4A3Px:31cZV+I9GEmVrbseg4A35
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32