arrowrat | 90093c647c4ef8f612e3e470c93debfb667aaf39073cd503cd670c6355dc474a | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

158KB
Sample

230620-bb3hwshb76
MD5

1a6204ba18ed28ba84ae8a3299602bc8
SHA1

ca32927f6e8d86e326fda075f096b16fae482c88
SHA256

90093c647c4ef8f612e3e470c93debfb667aaf39073cd503cd670c6355dc474a
SHA512

375d332c572066e9296b8f87a0bf62309db02f6f82dc91c300099e3d7e3a004a9987b88c58ff1114fcf6588d960ef41b296eaed69db1a5cc0b8b78c7f546641c
SSDEEP

3072:gbzZDH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPjSO8Y:gbzZDe0ODhTEPgnjuIJzo+PPcfPjN8

Score

10^/10

arrowrat client persistence rat

Static task

static1

client arrowrat

2 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

arrowrat client persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

arrowrat client persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

3.142.167.4:14894

Mutex

LFqZKjDAo

Targets

- Target
  
  file.exe
- Size
  
  158KB
- MD5
  
  1a6204ba18ed28ba84ae8a3299602bc8
- SHA1
  
  ca32927f6e8d86e326fda075f096b16fae482c88
- SHA256
  
  90093c647c4ef8f612e3e470c93debfb667aaf39073cd503cd670c6355dc474a
- SHA512
  
  375d332c572066e9296b8f87a0bf62309db02f6f82dc91c300099e3d7e3a004a9987b88c58ff1114fcf6588d960ef41b296eaed69db1a5cc0b8b78c7f546641c
- SSDEEP
  
  3072:gbzZDH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPjSO8Y:gbzZDe0ODhTEPgnjuIJzo+PPcfPjN8
Score

10^/10

arrowrat client persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arrowratclientpersistencerat

behavioral2

arrowratclientpersistencerat

© 2018-2024

Terms | Privacy