arrowrat | 883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97

General

Target

Venom5-HVNC-Rat.rar
Size

8.8MB
Sample

231104-xqlpksdb7w
MD5

f84fed326b9437ee25ef3164688bd940
SHA1

e510ad05bf62d925f711a404e22d0b78170fb25d
SHA256

883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97
SHA512

6612cace68d8093d7ee756b3054322283ad48c3397f47d312a9a780996c8e75ac46d179632f1678d0eec728d7e384faa6467a4b752319dd4396e0b6fa6916a1d
SSDEEP

196608:TWtEMYTCvgcJm2KCQtuHTkJJkz5A9bLJgEM4TsZBkuCq4:i1YTCvgcJipgmC+nTsZBkun4

Score

10^/10

arrowrat asyncrat %group%agilenet rat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  Venom5-HVNC-Rat.rar
- Size
  
  8.8MB
- MD5
  
  f84fed326b9437ee25ef3164688bd940
- SHA1
  
  e510ad05bf62d925f711a404e22d0b78170fb25d
- SHA256
  
  883ed64083968eec69d6974ce6f58e5cce6d84319a71a439edcb4f0a06283b97
- SHA512
  
  6612cace68d8093d7ee756b3054322283ad48c3397f47d312a9a780996c8e75ac46d179632f1678d0eec728d7e384faa6467a4b752319dd4396e0b6fa6916a1d
- SSDEEP
  
  196608:TWtEMYTCvgcJm2KCQtuHTkJJkz5A9bLJgEM4TsZBkuCq4:i1YTCvgcJipgmC+nTsZBkun4
Score

10^/10

asyncrat rat agilenet
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AsyncRat

Async RAT payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3