arrowrat | 35d8f56cdb6c9a6b6ddbc00374a69a147f691d6640f7c199199d321bf1ec6923 | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

158KB
Sample

240514-sada2sbh74
MD5

ddd78d5b177c9515d2e8fb3e2c0d3ca2
SHA1

cfac443e8eaf2b855a109a53ac1cdd041bbb64d1
SHA256

35d8f56cdb6c9a6b6ddbc00374a69a147f691d6640f7c199199d321bf1ec6923
SHA512

d6e2793bca32d98a1ec3be6b82d2f7c2225ed756cb3761d6b921588b99bd6e7fefa261fdc16907074e8f23be96563bc9c94b148e8f23425760d3d955139227eb
SSDEEP

3072:abz7H+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPbSO8Y:abz7e0ODhTEPgnjuIJzo+PPcfPbN8

Score

10^/10

arrowrat client persistence rat

Static task

static1

client arrowrat

2 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20240226-en

arrowrat client persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

99.83.12.91:1337

Mutex

mfrPoMrhW

Targets

- Target
  
  Client.exe
- Size
  
  158KB
- MD5
  
  ddd78d5b177c9515d2e8fb3e2c0d3ca2
- SHA1
  
  cfac443e8eaf2b855a109a53ac1cdd041bbb64d1
- SHA256
  
  35d8f56cdb6c9a6b6ddbc00374a69a147f691d6640f7c199199d321bf1ec6923
- SHA512
  
  d6e2793bca32d98a1ec3be6b82d2f7c2225ed756cb3761d6b921588b99bd6e7fefa261fdc16907074e8f23be96563bc9c94b148e8f23425760d3d955139227eb
- SSDEEP
  
  3072:abz7H+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPbSO8Y:abz7e0ODhTEPgnjuIJzo+PPcfPbN8
Score

10^/10

arrowrat client persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

arrowratclientpersistencerat

© 2018-2024

Terms | Privacy