arrowrat | 35d8f56cdb6c9a6b6ddbc00374a69a147f691d6640f7c199199d321bf1ec6923 | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

158KB
Sample

240514-sada2sbh74
MD5

ddd78d5b177c9515d2e8fb3e2c0d3ca2
SHA1

cfac443e8eaf2b855a109a53ac1cdd041bbb64d1
SHA256

35d8f56cdb6c9a6b6ddbc00374a69a147f691d6640f7c199199d321bf1ec6923
SHA512

d6e2793bca32d98a1ec3be6b82d2f7c2225ed756cb3761d6b921588b99bd6e7fefa261fdc16907074e8f23be96563bc9c94b148e8f23425760d3d955139227eb
SSDEEP

3072:abz7H+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPbSO8Y:abz7e0ODhTEPgnjuIJzo+PPcfPbN8

Score

10^/10

arrowrat client persistence rat

Static task

static1

client arrowrat

2 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20240226-en

arrowrat client persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

99.83.12.91:1337

Mutex

mfrPoMrhW

Targets

- Target
  
  Client.exe
- Size
  
  158KB
- MD5
  
  ddd78d5b177c9515d2e8fb3e2c0d3ca2
- SHA1
  
  cfac443e8eaf2b855a109a53ac1cdd041bbb64d1
- SHA256
  
  35d8f56cdb6c9a6b6ddbc00374a69a147f691d6640f7c199199d321bf1ec6923
- SHA512
  
  d6e2793bca32d98a1ec3be6b82d2f7c2225ed756cb3761d6b921588b99bd6e7fefa261fdc16907074e8f23be96563bc9c94b148e8f23425760d3d955139227eb
- SSDEEP
  
  3072:abz7H+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPbSO8Y:abz7e0ODhTEPgnjuIJzo+PPcfPbN8
Score

10^/10

arrowrat client persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arrowratclientpersistencerat

© 2018-2024

Terms | Privacy