General
-
Target
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe
-
Size
138KB
-
Sample
241011-q7zt7svhrb
-
MD5
6787bc47fb117dd9ee565060bf696218
-
SHA1
e11600ca6afb97abbb9c42f1ded0d6afc6daef12
-
SHA256
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402
-
SHA512
506c26e3803d30983b8b4e925d5e78e3e27c953d708d5f1fbdbf79a0d2a23d2c299e7021e33c2feccba1de57e1de9ac1b3c6ad5e89bd0e67fdf617ad509105f4
-
SSDEEP
3072:qbvc5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/YS:qbvUS7BqjjYHdrqkL/
Malware Config
Extracted
arrowrat
VenomHVNC
84.17.59.86:10018
IDgbBCwxP
Targets
-
-
Target
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe
-
Size
138KB
-
MD5
6787bc47fb117dd9ee565060bf696218
-
SHA1
e11600ca6afb97abbb9c42f1ded0d6afc6daef12
-
SHA256
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402
-
SHA512
506c26e3803d30983b8b4e925d5e78e3e27c953d708d5f1fbdbf79a0d2a23d2c299e7021e33c2feccba1de57e1de9ac1b3c6ad5e89bd0e67fdf617ad509105f4
-
SSDEEP
3072:qbvc5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/YS:qbvUS7BqjjYHdrqkL/
Score10/10-
ArrowRat
Remote access tool with various capabilities first seen in late 2021.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-