General
-
Target
b41b657eb9883b9d2de872e7200d4fd2.exe
-
Size
158KB
-
Sample
240811-hr3l6atdjb
-
MD5
b41b657eb9883b9d2de872e7200d4fd2
-
SHA1
a9b102d7b76416bc4beaa2702e3b90206c323b66
-
SHA256
a73f67009d77906b2dfee216b4e7cb940eef13304c22e909b65cd2834e291b1a
-
SHA512
eb290a85597c934485887d7ccf21642042ceff82b052784543a55569af404b60fc9d42dcd42da027750d439a55a928705d4f9c1e40824e8f0b91d2e92110d73f
-
SSDEEP
3072:5bzwH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfP6OO8Y:5bzwe0ODhTEPgnjuIJzo+PPcfP6B8
Behavioral task
behavioral1
Sample
b41b657eb9883b9d2de872e7200d4fd2.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b41b657eb9883b9d2de872e7200d4fd2.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
arrowrat
Client
and-statements.gl.at.ply.gg:43442
KRSSneMpK
Targets
-
-
Target
b41b657eb9883b9d2de872e7200d4fd2.exe
-
Size
158KB
-
MD5
b41b657eb9883b9d2de872e7200d4fd2
-
SHA1
a9b102d7b76416bc4beaa2702e3b90206c323b66
-
SHA256
a73f67009d77906b2dfee216b4e7cb940eef13304c22e909b65cd2834e291b1a
-
SHA512
eb290a85597c934485887d7ccf21642042ceff82b052784543a55569af404b60fc9d42dcd42da027750d439a55a928705d4f9c1e40824e8f0b91d2e92110d73f
-
SSDEEP
3072:5bzwH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfP6OO8Y:5bzwe0ODhTEPgnjuIJzo+PPcfP6B8
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-