General

  • Target

    222.txt

  • Size

    457KB

  • Sample

    230517-w5a1ysfb3z

  • MD5

    5ff1aded34d5d6f0635f6f9861436886

  • SHA1

    d798ff38d279754353ee88ff35bf46a87dc75484

  • SHA256

    abf2dcd61f4a9717e372e32dcfcb02831e51130f4a91fa87bb7954785db435fd

  • SHA512

    b3d6b951c3130e8a834744cbebc78208b9e1393517ca40e4e3a5bdf391cb1c05c4a23ee88aaac61b1be5a163811069d97ecfdf372457607cc3716ea11a6d8402

  • SSDEEP

    6144:6VDFV/A8nNKmbcRTUufYbE6N4tDeaBfLo1sHsl9yS/M0HixBNqrpB92bMDsA4nx2:snND98MDL

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

185.252.178.121:1337

Mutex

qCDAaGyIF

Targets

    • Target

      222.txt

    • Size

      457KB

    • MD5

      5ff1aded34d5d6f0635f6f9861436886

    • SHA1

      d798ff38d279754353ee88ff35bf46a87dc75484

    • SHA256

      abf2dcd61f4a9717e372e32dcfcb02831e51130f4a91fa87bb7954785db435fd

    • SHA512

      b3d6b951c3130e8a834744cbebc78208b9e1393517ca40e4e3a5bdf391cb1c05c4a23ee88aaac61b1be5a163811069d97ecfdf372457607cc3716ea11a6d8402

    • SSDEEP

      6144:6VDFV/A8nNKmbcRTUufYbE6N4tDeaBfLo1sHsl9yS/M0HixBNqrpB92bMDsA4nx2:snND98MDL

    • ArrowRat

      Remote access tool with various capabilities first seen in late 2021.

    • Modifies Installed Components in the registry

      Writes under the Active Setup "Installed Components" key, a common persistence location (the exact key path is not shown in this report).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

      Typically used to redirect execution in a suspended process (process hollowing or thread injection).
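A small IOC matcher built from the indicators in this report, added here as an example (it is not Triage's tooling and not part of the original page). It hashes a buffer against the listed digests, looks for the mutex and C2 address as plaintext in a process dump, and flags Sysmon-style key=value events for the C2 connection and for Active Setup writes. The log lines and the dump bytes are constructed for the example; the Active Setup key path is assumed from the signature name, since the report does not print it.

```python
"""IOC matcher for the ArrowRAT report above (added example, not Triage code)."""
import hashlib
import re

# Indicators transcribed from the report.
IOC_HASHES = {
    "md5": "5ff1aded34d5d6f0635f6f9861436886",
    "sha1": "d798ff38d279754353ee88ff35bf46a87dc75484",
    "sha256": "abf2dcd61f4a9717e372e32dcfcb02831e51130f4a91fa87bb7954785db435fd",
    "sha512": "b3d6b951c3130e8a834744cbebc78208b9e1393517ca40e4e3a5bdf391cb1c05"
              "c4a23ee88aaac61b1be5a163811069d97ecfdf372457607cc3716ea11a6d8402",
}
C2_IP = "185.252.178.121"
C2_PORT = 1337
MUTEX = "qCDAaGyIF"
# Assumed registry path behind the "Modifies Installed Components" signature;
# the report itself does not print the key.
ACTIVE_SETUP = r"\Microsoft\Active Setup\Installed Components"


def hashes_of(data: bytes) -> dict:
    """Digest a buffer with every algorithm listed in IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only when all four digests match the report's sample."""
    return hashes_of(data) == IOC_HASHES


def scan_memory_strings(blob: bytes) -> dict:
    """Check a process dump for the plaintext mutex and C2 host."""
    text = blob.decode("latin-1")  # byte-preserving; avoids decode errors
    return {"mutex": MUTEX in text, "c2_ip": C2_IP in text}


# Sysmon-style "Key=Value" lines, constructed for this example (not real telemetry).
SAMPLE_LOGS = [
    "EventID=3 Image=C:\\Users\\lab\\AppData\\Roaming\\222.exe "
    "DestinationIp=185.252.178.121 DestinationPort=1337 Protocol=tcp",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=13.107.4.52 DestinationPort=443 Protocol=tcp",
    "EventID=13 Image=C:\\Users\\lab\\AppData\\Roaming\\222.exe "
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components"
    "\\{A1B2C3D4-0000-0000-0000-000000000000}\\StubPath EventType=SetValue",
    "EventID=13 Image=C:\\Windows\\regedit.exe "
    "TargetObject=HKCU\\Software\\Example\\Setting EventType=SetValue",
]

# A value runs until the next " Key=" token or end of line, so paths with
# spaces (e.g. "Active Setup") stay intact.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_line(line: str) -> dict:
    """Split one key=value event line into a dict."""
    return dict(FIELD_RE.findall(line))


def detect(lines) -> list:
    """Return (rule_name, line) pairs for the report's network and persistence IOCs."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if (ev.get("EventID") == "3"
                and ev.get("DestinationIp") == C2_IP
                and ev.get("DestinationPort") == str(C2_PORT)):
            hits.append(("arrowrat_c2", line))
        if (ev.get("EventID") == "13"
                and ACTIVE_SETUP.lower() in ev.get("TargetObject", "").lower()):
            hits.append(("active_setup_persistence", line))
    return hits


if __name__ == "__main__":
    for rule, line in detect(SAMPLE_LOGS):
        print(rule, "->", line)
```

The Active Setup rule is deliberately broad (any SetValue under the key) because legitimate installers also write there; in a real hunt, pair it with the Image field or with the C2 hit before escalating.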
