arrowrat | 6e720a7d86006e8cc69a9edf11e3e78608061cf606eca26d235db6282b002b97 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

158KB
Sample

240227-2mdl1sdc93
MD5

e342241a46ccb69a5e50aab1c3910172
SHA1

63f28e0544c4689fc934e61269c5b5c47e8585a8
SHA256

6e720a7d86006e8cc69a9edf11e3e78608061cf606eca26d235db6282b002b97
SHA512

98a799f600c4562228d5f6b3c431bffac7595908dbffa6484995fe5b958656eb31c9b42dd873f72aa49feec203e8db16c384dccaeb377d34f55beeffc7b8ceda
SSDEEP

3072:qbzmH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPGKO8Y:qbzme0ODhTEPgnjuIJzo+PPcfPG18

Score

10^/10

arrowrat client persistence rat

Static task

static1

client arrowrat

2 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20240226-en

arrowrat client persistence rat

windows10-2004-x64

13 signatures

1800 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

185.103.101.105:1337

Mutex

VzRgLAhmN

Targets

- Target
  
  Client.exe
- Size
  
  158KB
- MD5
  
  e342241a46ccb69a5e50aab1c3910172
- SHA1
  
  63f28e0544c4689fc934e61269c5b5c47e8585a8
- SHA256
  
  6e720a7d86006e8cc69a9edf11e3e78608061cf606eca26d235db6282b002b97
- SHA512
  
  98a799f600c4562228d5f6b3c431bffac7595908dbffa6484995fe5b958656eb31c9b42dd873f72aa49feec203e8db16c384dccaeb377d34f55beeffc7b8ceda
- SSDEEP
  
  3072:qbzmH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPGKO8Y:qbzme0ODhTEPgnjuIJzo+PPcfPG18
Score

10^/10

arrowrat client persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arrowratclientpersistencerat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.