Behavioral task
behavioral1
Sample
Client.exe
Resource
win11-20240419-en
Behavioral task
behavioral2
Sample
Client.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
Client.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Client.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
Client.exe
Resource
win11-20240419-en
Behavioral task
behavioral6
Sample
Client.exe
Resource
android-x64-arm64-20240506-en
General
-
Target
Client.exe
-
Size
158KB
-
MD5
d0a55dda2e691dbb7eedcd02cc7eaffa
-
SHA1
37433d28c8f89e0f3b63e145d592e86e9da9b22f
-
SHA256
0a53456ad2ce6a20c459e38a8fb0be2751c7543a0d8a47f52bb48a8b6d24d335
-
SHA512
de5975c1c76799649b917b5e43c681ea2aff06813f43d363d4dc2ec8c99d33ba17026cb07a26931e6f637e26add9090be0eccc95f753f625461c75fe2b07327a
-
SSDEEP
3072:wbzmH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPzdO8Y:wbzme0ODhTEPgnjuIJzo+PPcfPzQ8
Malware Config
Extracted
arrowrat
Client
26.137.109.175:1337
pqjvqGUKv
Signatures
-
Arrowrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Client.exe
Files
-
Client.exe.exe windows:4 windows x86 arch:x86
Password: asd
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ