arrowrat | 9e3cde7a6f4c114daf5627a39a5999918f894489c922d82008cb21771f761d45

Sharing

Copy URL

Twitter E-mail

General

Target

Venom5-HVNC-Rat.rar
Size

29.4MB
Sample

230724-sl2g1sfb9w
MD5

9c750cfbe1dbd4f4d87dcfc145d06237
SHA1

67b5ca12ee20e6a1cdbf273d5a1736522fcdf649
SHA256

9e3cde7a6f4c114daf5627a39a5999918f894489c922d82008cb21771f761d45
SHA512

d0dc5ef150228d3dfe3583576f1cd16a25bda020e1a80ac19b708cd8c1ae661e3c96f96622ab10ecc00029fb9dfabeda3194c9f7fbf0e6d32bfecc45b5d2d65f
SSDEEP

786432:QlrWp1qT/Jj8hGTGm1qH9ymV5l4BbulMulv9ymiIBjVul8B6ul7WP985iSGIfXN7:QlrWp+p8hsGmifB4BbpwfiejVlB6u89c

Score

10^/10

arrowrat asyncrat %group%agilenet rat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  Venom5-HVNC-Rat.rar
- Size
  
  29.4MB
- MD5
  
  9c750cfbe1dbd4f4d87dcfc145d06237
- SHA1
  
  67b5ca12ee20e6a1cdbf273d5a1736522fcdf649
- SHA256
  
  9e3cde7a6f4c114daf5627a39a5999918f894489c922d82008cb21771f761d45
- SHA512
  
  d0dc5ef150228d3dfe3583576f1cd16a25bda020e1a80ac19b708cd8c1ae661e3c96f96622ab10ecc00029fb9dfabeda3194c9f7fbf0e6d32bfecc45b5d2d65f
- SSDEEP
  
  786432:QlrWp1qT/Jj8hGTGm1qH9ymV5l4BbulMulv9ymiIBjVul8B6ul7WP985iSGIfXN7:QlrWp+p8hsGmifB4BbpwfiejVlB6u89c
Score

8^/10
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Quasar/Server/Forms/FrmReverseProxy.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral3 behavioral4
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Quasar/Server/Forms/ReverseProxyHandler.cs
- Size
  
  286B
- MD5
  
  9ee9484a49d373b5c979243b73b3a6d4
- SHA1
  
  f443d0aff04a7684e654f63d8af90adeccf9349c
- SHA256
  
  b285749850d331299a33b06068106299746f00831fa9666920df71ee229c6c2d
- SHA512
  
  0ece00d13ed69131f4eed497dc4669c1fc8adf7f4577137071a0b480cbef0ae8dd6fd779019a306696f5369c2bea9427e0961191447b0a322a4239f0a711385a
Score

3^/10
behavioral5 behavioral6
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Quasar/Server/Helper.cs
- Size
  
  189B
- MD5
  
  11e549460fecd638396d7d619ae05f82
- SHA1
  
  3deb4ef5e5d1176160c5a96cbee3aaf29bb53051
- SHA256
  
  2e9dc7e2528549317ab6ac445117c1ae64d1842df612ac65ed7975a27f6ed8c2
- SHA512
  
  599655fbdaf18d73ef51763f4921d68d4343a13df3f9c71e8282c3ffa4df0536681fe3bc4b2833a7c1d307bb7db5371d97ae417b7391d09540a294d2c75e5675
Score

3^/10
behavioral7 behavioral8
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/HVNC.FrmBuilder.resources
- Size
  
  666KB
- MD5
  
  562c8bcce238abf004e09ae14372a736
- SHA1
  
  d8a13e581f4c45583328e32a6d9575436cd9fd95
- SHA256
  
  8fbd3178b21ef4d89f02052a2ca32f5f06aacdda1b4a34620d0b095407f9fbed
- SHA512
  
  901c0183af6ed4efef639b2c64cc030ac013101d7882d365e598ee4ccc962ee82564588aa19d66a767662a14ccbca37f4385a76f16bbcda7bf7c68992e5b9941
- SSDEEP
  
  12288:KJA2GFCaKLdSRkamhj15PTli7dp/FOuj8vXjk6wyLlXhzsp7BukF+Ni:K62GFURSnmx15PkBp/FOuj8v46HL3kuS
Score

3^/10
behavioral10 behavioral9
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/HVNC.FrmMain.resources
- Size
  
  740KB
- MD5
  
  eba2876310168f81b9e4246cbc5d6037
- SHA1
  
  bff480520f6c04b1268a21bea4cf84eb996bb7ba
- SHA256
  
  d4d5c10823b8cc66b7ad4166e630ecbabf2ab6011b56c4c658d1e4cfc69b07fe
- SHA512
  
  f3abfd28e1466dd28f472bbbf9646d1370c80af938fa59293377730866f9cbc2194b86433fb284d00326fcce05b21ae65504c33bee704e1df5e3393e529576e0
- SSDEEP
  
  12288:/JA2GuQl/XusCaKLdSRkamhj15PTli7dp/FOuj8vXjk6wyLlXhzsp7BukF+N1R:/62GuwDURSnmx15PkBp/FOuj8v46HL3l
Score

3^/10
behavioral11 behavioral12
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/HVNC.FrmMassUpdate.resources
- Size
  
  666KB
- MD5
  
  562c8bcce238abf004e09ae14372a736
- SHA1
  
  d8a13e581f4c45583328e32a6d9575436cd9fd95
- SHA256
  
  8fbd3178b21ef4d89f02052a2ca32f5f06aacdda1b4a34620d0b095407f9fbed
- SHA512
  
  901c0183af6ed4efef639b2c64cc030ac013101d7882d365e598ee4ccc962ee82564588aa19d66a767662a14ccbca37f4385a76f16bbcda7bf7c68992e5b9941
- SSDEEP
  
  12288:KJA2GFCaKLdSRkamhj15PTli7dp/FOuj8vXjk6wyLlXhzsp7BukF+Ni:K62GFURSnmx15PkBp/FOuj8v46HL3kuS
Score

3^/10
behavioral13 behavioral14
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/HVNC.FrmTransfer.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral15 behavioral16
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/HVNC.FrmURL.resources
- Size
  
  666KB
- MD5
  
  562c8bcce238abf004e09ae14372a736
- SHA1
  
  d8a13e581f4c45583328e32a6d9575436cd9fd95
- SHA256
  
  8fbd3178b21ef4d89f02052a2ca32f5f06aacdda1b4a34620d0b095407f9fbed
- SHA512
  
  901c0183af6ed4efef639b2c64cc030ac013101d7882d365e598ee4ccc962ee82564588aa19d66a767662a14ccbca37f4385a76f16bbcda7bf7c68992e5b9941
- SSDEEP
  
  12288:KJA2GFCaKLdSRkamhj15PTli7dp/FOuj8vXjk6wyLlXhzsp7BukF+Ni:K62GFURSnmx15PkBp/FOuj8v46HL3kuS
Score

3^/10
behavioral17 behavioral18
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Quasar.Server.Forms.FrmReverseProxy.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral19 behavioral20
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Server.Form1.resources
- Size
  
  890KB
- MD5
  
  e24bb248a2f82e5579cf3cc35e96c998
- SHA1
  
  c930439a0faceae64f6d3c40577ff55fa4f6de70
- SHA256
  
  89aede591c85217d59826f8f4f0acd19de0d0704eb586f3396bfee1058cf3f68
- SHA512
  
  5daeaa08e1b0e91974653c1dcbfbb7021a434a935fd83b3fa1a9260d30b9cc89bf60645ab1017d6a6aa8f2712f1d1d23cd1b94f1568bf71415a6ac6b72ff8682
- SSDEEP
  
  24576:d62GuTI62GcURSnmx15PkBp/FOuj8v46HL3kuZ:dlGKIlGctA5PkXqr3f
Score

3^/10
behavioral21 behavioral22
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Server.FormSendFileToMemory.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral23 behavioral24
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Server.Forms.FormAbout.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral25 behavioral26
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Server.Forms.FormAudio.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral27 behavioral28
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Server.Forms.FormBuilder.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral29 behavioral30
- Target
  
  Venom5-HVNC-Rat/VenomRAT_HVNC/Resources/Server.Forms.FormCertificate.resources
- Size
  
  121KB
- MD5
  
  985abed9c24710786bb81630e5720e63
- SHA1
  
  e91e25e8ae7e2dad1844bb07a5b1e07300166b75
- SHA256
  
  b7dccd9ca6ca51adc8b75338206e56f5c555f1cf181c53b48916cdf65da045aa
- SHA512
  
  42d09e136bf3f291083774a931776b0b70db77de39b0b6e9d7fd6ff3de6a5863391c8cdfe1f0ce22a62cfdeb90aea1f3593433bf71d54e3a1e8ead752c08a5e0
- SSDEEP
  
  768:AQybEh7P2bOpsNyo0TRVuOxJBoAl2TwDjNNWGR75HV1dmUqLxMhI:AzbpKqyDiJTwD2A75HV1JqdMK
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32