Behavioral task
behavioral1
Sample
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe
Resource
win10v2004-20241007-en
General
-
Target
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe
-
Size
138KB
-
MD5
6787bc47fb117dd9ee565060bf696218
-
SHA1
e11600ca6afb97abbb9c42f1ded0d6afc6daef12
-
SHA256
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402
-
SHA512
506c26e3803d30983b8b4e925d5e78e3e27c953d708d5f1fbdbf79a0d2a23d2c299e7021e33c2feccba1de57e1de9ac1b3c6ad5e89bd0e67fdf617ad509105f4
-
SSDEEP
3072:qbvc5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/YS:qbvUS7BqjjYHdrqkL/
Malware Config
Extracted
arrowrat
VenomHVNC
84.17.59.86:10018
IDgbBCwxP
Signatures
-
Arrowrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe
Files
-
b766c8001cc928c65188a80a149d8eb11c59178b68cee4437659e67d2f02c402.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ