Extracted

• • Target

    Client.exe

  • Size

    158KB

  • MD5

    0dd200d5163a677c9f2c4eaa73210ed6

  • SHA1

    a828ef3fd25efc9896fd6488a0d07a4bf91804d7

  • SHA256

    e9d64e1290c710d5d24535336eb50aadcd001cbcee1a95693849cc3d1f8f6bc1

  • SHA512

    f247fc1f557be801e6661e08201a40bbd4292666627a3cbe29df75545728ce975aa2fc2a90a2452690cebf2be0cfe98eabef5cab05c423617ccb26c8b20803a0

  • SSDEEP

    3072:gbzbDH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPSSO8Y:gbzbDe0ODhTEPgnjuIJzo+PPcfPSN8

  Score

  10^/10

  arrowratclientpersistencerat

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat

  • Modifies Installed Components in the registry

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1