Extracted

• • Target

    PandoraClient.exe

  • Size

    138KB

  • MD5

    4649bb4b0cb232966683c589150ff119

  • SHA1

    d2165c3988dc382fbf1bfec9828f323a9ac9282b

  • SHA256

    41940020b7778a380f4d0907d4a95a8afe2108b3df3f7f73d7847d069ff29dcc

  • SHA512

    72061b043678530ab19d6d3438c5cfe9e0d1b653899292191e11dc9bae1b70401ca053cc146d9bd3cdae60a28e8451c552f3b880651bfd7cd3531cb2e491d4f9

  • SSDEEP

    3072:qbvR5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/Yn:qbv/S7BqjjYHdrqkL/

  Score

  10^/10

  arrowratclientpersistencerat

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat

  • Modifies Installed Components in the registry

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2