Overview

overview

10

Static

static

10

bDCK.exe

windows7-x64

10

bDCK.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bDCK.exe

  • Size

    138KB

  • Sample

    230305-3lj8vahh57

  • MD5

    e22c97f1931fdec29962ae778c5b44c3

  • SHA1

    7b0587f698a12619a735ce2536ec6a298ac92874

  • SHA256

    2380ff875da958af3a345764860a8d70761bdc4f9feb20c1b183a83b9cae1b0c

  • SHA512

    6f65b90401c650f66e22fb65c176edf73c09ef0bc0a34f7ee761fb984032e975cc3835dcdb22bc3d62c99678ad7a03b0fcbeb8dd679728ce49d035763c49c309

  • SSDEEP

    3072:2bvt5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/Y0:2bv7S7BqjjYHdrqkL/

Score
10/10
arrowraty905dcpersistencerat

Malware Config

Extracted

Family

arrowrat

Botnet

Y905DC

C2

windowsii.duckdns.org:1338

Mutex

QTZ3XG

Targets

    • Target

      bDCK.exe

    • Size

      138KB

    • MD5

      e22c97f1931fdec29962ae778c5b44c3

    • SHA1

      7b0587f698a12619a735ce2536ec6a298ac92874

    • SHA256

      2380ff875da958af3a345764860a8d70761bdc4f9feb20c1b183a83b9cae1b0c

    • SHA512

      6f65b90401c650f66e22fb65c176edf73c09ef0bc0a34f7ee761fb984032e975cc3835dcdb22bc3d62c99678ad7a03b0fcbeb8dd679728ce49d035763c49c309

    • SSDEEP

      3072:2bvt5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/Y0:2bv7S7BqjjYHdrqkL/

    Score
    10/10
    arrowraty905dcpersistencerat

    • ArrowRat

      Remote access tool with various capabilities first seen in late 2021.

      ratarrowrat

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks