arrowrat | 151e25188fd745e3018605af4df7da77bc6cb5bd105978e667a371662646a288 | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows7-x64

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

158KB
Sample

231112-y985nabe3t
MD5

fbe2de3a8f343b1e923a8f5176f1fcf3
SHA1

9bf0f79d9110d7580be60da0d574863411074c92
SHA256

151e25188fd745e3018605af4df7da77bc6cb5bd105978e667a371662646a288
SHA512

225727fc2b982494b7644a1301367aa17be10c2f1c696df200bc8543805fbf44e2a3a266fc961917fc963fce43d9c7bee6b72d3d89c5565c770e30bcfa2839d7
SSDEEP

3072:TbzGH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfP6OO8Y:TbzGe0ODhTEPgnjuIJzo+PPcfP6B8

Score

10^/10

arrowrat client persistence rat

Static task

static1

client arrowrat

2 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win7-20231023-en

arrowrat client persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client.exe

Resource

win10v2004-20231023-en

arrowrat client persistence rat

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

147.185.221.16:40164

Mutex

RnmYPKijw

Targets

- Target
  
  Client.exe
- Size
  
  158KB
- MD5
  
  fbe2de3a8f343b1e923a8f5176f1fcf3
- SHA1
  
  9bf0f79d9110d7580be60da0d574863411074c92
- SHA256
  
  151e25188fd745e3018605af4df7da77bc6cb5bd105978e667a371662646a288
- SHA512
  
  225727fc2b982494b7644a1301367aa17be10c2f1c696df200bc8543805fbf44e2a3a266fc961917fc963fce43d9c7bee6b72d3d89c5565c770e30bcfa2839d7
- SSDEEP
  
  3072:TbzGH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfP6OO8Y:TbzGe0ODhTEPgnjuIJzo+PPcfP6B8
Score

10^/10

arrowrat client persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arrowratclientpersistencerat

behavioral2

arrowratclientpersistencerat

© 2018-2024

Terms | Privacy