General
-
Target
6d1e9bdbe3b17d3f38b48f35501b26a9059159298c0196f0cb5a0a0de99fc8aeN
-
Size
90KB
-
Sample
241103-lhqg1szpbt
-
MD5
1be917436f2b88f6b47de91fc0d10920
-
SHA1
9c986ab8a360357a9ef2ef787f9521e9d6f06a8d
-
SHA256
6d1e9bdbe3b17d3f38b48f35501b26a9059159298c0196f0cb5a0a0de99fc8ae
-
SHA512
fffd8437176354215b6642dbf21e8a32a816ab6bd312a96eeae1e1f91edf2b61904d7750a27c9df44b3d5289e63d613530eaaa1d04d16bc94eae28331c9f7fc1
-
SSDEEP
1536:ebRiQMb57SK3bUzZdQ1iIMvnZlbLxjV3AGq5gWlocT1wzySsd9NJ33J:ebR057SKsstcnZTJQDgWPaySsdH5Z
Malware Config
Extracted
arrowrat
ArrowRAT
hypersh.duckdns.org:5558
DjTfbajvJ.exe
Targets
-
-
Target
6d1e9bdbe3b17d3f38b48f35501b26a9059159298c0196f0cb5a0a0de99fc8aeN
-
Size
90KB
-
MD5
1be917436f2b88f6b47de91fc0d10920
-
SHA1
9c986ab8a360357a9ef2ef787f9521e9d6f06a8d
-
SHA256
6d1e9bdbe3b17d3f38b48f35501b26a9059159298c0196f0cb5a0a0de99fc8ae
-
SHA512
fffd8437176354215b6642dbf21e8a32a816ab6bd312a96eeae1e1f91edf2b61904d7750a27c9df44b3d5289e63d613530eaaa1d04d16bc94eae28331c9f7fc1
-
SSDEEP
1536:ebRiQMb57SK3bUzZdQ1iIMvnZlbLxjV3AGq5gWlocT1wzySsd9NJ33J:ebR057SKsstcnZTJQDgWPaySsdH5Z
Score10/10-
ArrowRat
Remote access tool with various capabilities first seen in late 2021.
-
Arrowrat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-