Extracted

• • Target

    Client.exe

  • Size

    158KB

  • MD5

    e342241a46ccb69a5e50aab1c3910172

  • SHA1

    63f28e0544c4689fc934e61269c5b5c47e8585a8

  • SHA256

    6e720a7d86006e8cc69a9edf11e3e78608061cf606eca26d235db6282b002b97

  • SHA512

    98a799f600c4562228d5f6b3c431bffac7595908dbffa6484995fe5b958656eb31c9b42dd873f72aa49feec203e8db16c384dccaeb377d34f55beeffc7b8ceda

  • SSDEEP

    3072:qbzmH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPGKO8Y:qbzme0ODhTEPgnjuIJzo+PPcfPG18

  Score

  10^/10

  arrowratclientpersistencerat

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat

  • Modifies Installed Components in the registry

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1