arrowrat | PandoraClient[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

PandoraClient.exe

windows10-2004-x64

Sharing

Static task

static1

client arrowrat

1 signatures

Behavioral task

behavioral1

Sample

PandoraClient.exe

Resource

win10v2004-20230220-en

arrowrat client persistence rat

windows10-2004-x64

16 signatures

120 seconds

General

Target

PandoraClient.exe
Size

158KB
MD5

3eee7fa59a133b6c2fef8f0ad620fbaa
SHA1

4375f6e3df9e013dd69ba94917ae17de490bb279
SHA256

57863c2370ced5e6f6979f44244d76c97e09574a8178ace79755287fc835ab91
SHA512

ee30da5303191a0d4c0e08553e27df3e0c47e2310b898d4521065d11dd81bfd2507d731c1a58bab113092a35ccfa79ccd14831bac680983efbad63d40beb64fe
SSDEEP

3072:hbzVL+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfP7fO8Y:hbzVC0ODhTEPgnjuIJzo+PPcfP7W8

Score

10^/10

client arrowrat

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

soon-lp.at.ply.gg:17209

Mutex

JwqqOowIr

Signatures

Arrowrat family
arrowrat

Files

PandoraClient.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy