arrowrat | ec10e8325b6c955e29f74034691df96dc789407043b3b6a9e4117190d7e3372c | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

158KB
Sample

240514-saylzsca24
MD5

530f0cd9dd681beb9e1f941b4f065592
SHA1

657a70a6fe8b704b3cb0bdf3a7bcc440d0bcb189
SHA256

ec10e8325b6c955e29f74034691df96dc789407043b3b6a9e4117190d7e3372c
SHA512

deeb66e0d8751f282f3a73494636d5ba8ccb8682c05ce441a33fa043859e74a5af4c7b3912e1ea53cebdf75b4206e68512a76c3436d502eaaa53f8cfdd4b472c
SSDEEP

3072:gbzbDH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPSSO8Y:gbzbDe0ODhTEPgnjuIJzo+PPcfPSN8

Score

10^/10

arrowrat client persistence rat

Static task

static1

client arrowrat

2 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win10v2004-20240426-en

arrowrat client persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

192.168.56.1:1337

Mutex

ZTDIAGFVu

Targets

- Target
  
  Client.exe
- Size
  
  158KB
- MD5
  
  530f0cd9dd681beb9e1f941b4f065592
- SHA1
  
  657a70a6fe8b704b3cb0bdf3a7bcc440d0bcb189
- SHA256
  
  ec10e8325b6c955e29f74034691df96dc789407043b3b6a9e4117190d7e3372c
- SHA512
  
  deeb66e0d8751f282f3a73494636d5ba8ccb8682c05ce441a33fa043859e74a5af4c7b3912e1ea53cebdf75b4206e68512a76c3436d502eaaa53f8cfdd4b472c
- SSDEEP
  
  3072:gbzbDH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPSSO8Y:gbzbDe0ODhTEPgnjuIJzo+PPcfPSN8
Score

10^/10

arrowrat client persistence rat
- ArrowRat
  Remote access tool with various capabilities first seen in late 2021.
  rat arrowrat
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arrowratclientpersistencerat

© 2018-2024

Terms | Privacy