arrowrat | 1801c0278583e34f09b0a202c83afbc6f2bb97ab0acb2932057a25e5eba597a6

Resubmissions

07-12-2024 03:02

241207-djr38sylbk 10

Sharing

Copy URL

Twitter E-mail

General

Target

Bawless Windows Cracked By Vidhayakji786.rar
Size

102.1MB
Sample

241207-djr38sylbk
MD5

99a1d2a905676cf0542c2a4d45e58d46
SHA1

35fac87f8ca98865b6dee79023fb1c55cb925f0d
SHA256

1801c0278583e34f09b0a202c83afbc6f2bb97ab0acb2932057a25e5eba597a6
SHA512

3b1027101ef2d18a83aabd399c5ae3432b30f9ce541635ed35d1708864c55f94054b013e1c19e5b681838698067c8d6d722c3f9cf4c8b74c5c4ea8be40da8737
SSDEEP

3145728:lp5yB7PXOvhxn3VGFEWDE6YorqEU+vhI9C:lpIB7PevhVVGbw5oex9C

Score

10^/10

arrowrat asyncrat %group%discovery rat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

%Hosts%:%Ports%

Mutex

%MTX%

Targets

- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/WinTypes.dll
- Size
  
  867KB
- MD5
  
  ed9e0808858db01c14325b6c0f1188f5
- SHA1
  
  4412bc08811417f260beb8d899d3a3a9ad85eefd
- SHA256
  
  a3e691c68a18f376cf57e7e559b95a186f59cbd84807e5e36ff62ad1fb9813d1
- SHA512
  
  3a9de78cbc6c47a6ee796eb27a47cb9b24033fe8e993cb1a906726693068a4cf19ed6dfd842a3e05b4fbfe050867c5afc80f31144f93c8a7edf05d2cec830b00
- SSDEEP
  
  12288:ceX6jM/WbpVqOF41cG+2vFaZZsQspkZ5P7juLxq:HXlWbzE1f+OFaZZPspk/juL
Score

3^/10

discovery
behavioral1
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/cGeoIp.dll
- Size
  
  2.3MB
- MD5
  
  6d6e172e7965d1250a4a6f8a0513aa9f
- SHA1
  
  b0fd4f64e837f48682874251c93258ee2cbcad2b
- SHA256
  
  d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
- SHA512
  
  35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155
- SSDEEP
  
  24576:TRgJE8pkCLLe/K43EnnnclQwIqJY0OjklWXQMFBRpmkL/59ah0USm3uwl00odi9p:TRgfX/59a6USdi9Ues6bV6boLO6r
Score

1^/10
behavioral2 behavioral3
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/dhcpcsvc.dll
- Size
  
  72KB
- MD5
  
  0b27af90b527e63a281692980230a993
- SHA1
  
  8f4701cd35ba5d24fc9b5eb139be5f2fa30bb043
- SHA256
  
  61ff09fb6f5d6a75c65dacd162c52d00592197c951602473bb52e2507235f9e1
- SHA512
  
  86756ce2a88200fc92504014d2e77365589ff36bb5ab0792f1529ae8f823a6fe9f2cede7cd526249933027209044904e3b4838216720a6080628d94aae35abb4
- SSDEEP
  
  1536:2hUKoz65nSqXIxGDUv5OAOYkGmF2xjajeTGdnFkkAD:yUKo+JZDQ5O1JGrOmSnFkkA
Score

3^/10

discovery
behavioral4
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/dhcpcsvc6.dll
- Size
  
  60KB
- MD5
  
  28707cfcf033b47a4fb5e21ef8fc73f7
- SHA1
  
  13716b130c58313e65bf6eba424d2f708801f67b
- SHA256
  
  9c42664ecd27cf48bb929d2903dd677667f0d443f49a275c0f06f7a61afe4d06
- SHA512
  
  18b687db4403394a4bc5b312844b720fa943e1fae5851ca09cd786cdd9a100f934815be84672ce2857cbeb2440a8f57b61a02c812535559d8665c253cb0e9493
- SSDEEP
  
  768:xCsB0w1YxNn5PtlhjYJIkyG8Kp7w2Ln7F00rYQ4:ERtlLsRp7hLn7aWp4
Score

3^/10

discovery
behavioral5
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/diasymreader.dll
- Size
  
  1.1MB
- MD5
  
  029bc61779f43d8d2e12ceffbf040973
- SHA1
  
  98d0aa8a7c77161f1329fbc3a4cccc3230cfce39
- SHA256
  
  583696813e11dc306ad8d446a6930655c53699e77e45535506196d8758f59134
- SHA512
  
  f0e867fb1546aca3078963097f525c7c72915bf7eeeaaef5dadd02262c8c0874856880fd1402c72e3dbf9f34aff32720121310900d47abae67e4f429bd060bfe
- SSDEEP
  
  24576:caeneE/lcaxTtSsoZ+VzznIR749SmmMjuMrVn:0xAzZCzznrlj1
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  4d0b771879de85137ee7e5f0d4bb4b16
- SHA1
  
  fc32cccd0cd5c3ebd968bcdf48e32a7ea25e9bd7
- SHA256
  
  962332e8c8cb459fb2f7dacec5d7a618cc53b1b49bc1740156398c89742f43fd
- SHA512
  
  bae39862ea07ebc5c9aa07a7333a880471baf4bf52eebedc03536e45584887eecc1075e0c0171229a54900ab93a66db9f666aa631c160912f538666da8c9e980
- SSDEEP
  
  24576:0eTHIbE7MJp9VuObrLhR4r9gBLKzcWQSv7fwlwhe:U1JoQJR4rm6k
Score

1^/10
behavioral8 behavioral9
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/dnsapi
- Size
  
  555KB
- MD5
  
  41a10302428481494dcc913e11072d96
- SHA1
  
  d8d8a94003aad8239de1e716cba5b1a2cc145043
- SHA256
  
  05eb0db5a5529b06946812a3f13aa2003369fc462c786c5f7a326a10a0cad7ea
- SHA512
  
  fd8ac2c86bcad936378feda352ad69835e839ee1a0973d5cd6400bbfe5a257e20aa4404d2b1965a5d65919c79e5b5a107efd8edaf9ba65152ca6eb71b02a67cc
- SSDEEP
  
  12288:lEOinLRDkEqn69hf63JNgiZc7jcItW8uzMUPyVQb18Vr5L:lEtnlAEqUN6YiZVOWJMhE8Vr5L
Score

3^/10

discovery
behavioral10
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/fwpuclnt.dll
- Size
  
  335KB
- MD5
  
  694b74107ed33f5288e5adb367cc8311
- SHA1
  
  ac413a657efe28b1655fdfa15ce0af4bd4b23b56
- SHA256
  
  e6eb4be2480f1a953c0f8d4bf73fa0a5d186c38636060bbc65d630089440d14c
- SHA512
  
  3763cb5ddc0e8f608e37dc20c4cf7a2adb707c042a7cfa9ba0b9df32ba820ff3df915768a9a8a814a6c602b6f64fbef24e8e8a12ff01c166b2075557a67ee0e4
- SSDEEP
  
  6144:7sds9MlBjgpwq+qZbSYyG4pjeBpbmJyEDFI9b6S4DdgPup5jjeCv:7DhrXEDI9b6SudA+
Score

3^/10

discovery
behavioral11
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/mscorrc.dll
- Size
  
  373KB
- MD5
  
  16b597b7b69206c829c56776a73b6c40
- SHA1
  
  9403a437e4a865e7cd709d73a0f4f533ef12d98d
- SHA256
  
  529458f53473081aad682eac38772bfd4e559b2907417fc0a9cb0942f38fc6bc
- SHA512
  
  5b454384338c3e5d52d0b9e5463a904ecc367c953fce778471eea9485efe84d0f7bb2f81a18e7a3fc9bf6df9bc1b504dd88aed809e1a142dfce3c3b77de83d23
- SSDEEP
  
  3072:xZiZetSqwtRRWIREvu/S3lZkWVYWxinPhN9OnTJzSeU5mfEw:xnSrtRRbsfkR9OTJzSb+
Score

1^/10
behavioral12 behavioral13
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/mskeyprotect.dll
- Size
  
  48KB
- MD5
  
  1b8dc1ae65e5befa6e45fd2b751f4dd4
- SHA1
  
  ac3cfe1fd8f23e2ee26299abf73327f96279e15b
- SHA256
  
  5f412f0ac2c9950d8080b1f6ee51604b26348e0e1bdc29acffe0f2d2b2826b33
- SHA512
  
  c2291a597b27a8badd1ef1ec7649d857f826064ae613c0716611a62e56faa8ec0a599219a6dce606cf0ca867a64943cded5edfc01510bba9efaa80da275bffe8
- SSDEEP
  
  768:bQ4anuFelTRsd2YSCchU1Hh36oN716DTF0arl9iJA1mpfzrJDOuS+VL7:kylSU6oN7gF0SmfzFHS+
Score

3^/10

discovery
behavioral14
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/ncrypt.dll
- Size
  
  117KB
- MD5
  
  c29fdc3d02ef46d163f9fe0fd41fbfd4
- SHA1
  
  88be4c19c369ba52660a5d0c574b27caf9ffe76c
- SHA256
  
  8e0d37ba010457a6a31172a316e196c8279585149a0ece3532364f82775a06cc
- SHA512
  
  621442cc99724633f02c48480049e047288afff45e7eb50c8f29e70c85233792310296094d90a8854c9a48537ed0f286116f60f08fe403153dfdd6949e866eda
- SSDEEP
  
  1536:92nL8QHNHG0QoPoZnQihIAFEO27inrFYyB5T/YQaQUcA+iiD9F:OBHNHGuomiTB2enCQ8QaLc
Score

3^/10

discovery
behavioral15
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/ncryptsslp.dll
- Size
  
  105KB
- MD5
  
  507ca0468f16b3f835d09bca75f1053d
- SHA1
  
  3bd862f8943609a5dcf968ce3156d0e3af7b1139
- SHA256
  
  a6c8cad15461f2e3d6eed4aebe48f1fd70f885af69bc688e2e86063052c082a1
- SHA512
  
  43ecbc5ed35a2b8412b646cce9b8f0da49c9015b7ebde64de6dc9aec679f92e46dcaa0bee14bd3c83280318e23469bc3bb254553893c75e2457b236d1bdd55be
- SSDEEP
  
  1536:XrEHkw3+A/zxg6xJ4ePneFm9z+juFntceVBuhkf2Rm2ZJ61JnX7WJfyVvIifPr:XyzxH4VFarOhkfcmscX7WmfPr
Score

3^/10

discovery
behavioral16
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/netstandard.dll
- Size
  
  80KB
- MD5
  
  c741e2cc4fa619b298e7cdbb24942d81
- SHA1
  
  51a74c2fe1e5536ccfdc6166b2ac1701721cdf1d
- SHA256
  
  3d54ba2fa7eff3690c6ccc57339e05abe7061472a737004c26683835622d5567
- SHA512
  
  b237c7c0ff72f120eb1b281af77124d6f6ae3d652cdacb8515babbaf72f78fdaa8a25db1e4ba4a67d4b8133b9d0763ebd24f1ccd788f942a96e75c936ed6d352
- SSDEEP
  
  768:fKERQ+rVuzIFZENj4if2EoSIwxca75IkX4esvH64rqbG5U0RSGbA5+8TrVbZ9kw4:c2Ec05j4eAH64rh5fSt5T9nFcI94F
Score

1^/10
behavioral17 behavioral18
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/nlsbres.dll
- Size
  
  19KB
- MD5
  
  88a53f85ce0bc1fcbacf819856893853
- SHA1
  
  d6247b27997326fe1bc00ac0679d23d2bb922308
- SHA256
  
  524450673da08600cb3284d0c0842d5f532925d4054db4eb8702ed6cd140bc25
- SHA512
  
  260df042cec14c3a4ca920c90aed0e15bd9e10fab7bf5039b1372ce20a20791b35b67a00df62e0b7fbde3170fef823333aa56e54c77f3a79a81c2573263dd304
- SSDEEP
  
  384:pWTGWwo1cv2V4OIatE1Y0Ki1R8aK6kOgNfJtaNmi7gUw49a2fUDxu:a2v2ekDiwaKz+Vgx49a2fUDk
Score

1^/10
behavioral19
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/nlsbres.dll.mui
- Size
  
  63KB
- MD5
  
  50d96eac6108de19a4eaeea03e7d2065
- SHA1
  
  82abcc298bd12e796cf3a5463d41fb141b95b6c1
- SHA256
  
  5b970b29b991831cf8b7cb976ec5cbd0875200238a37256f1bd5a0879e17a6f1
- SHA512
  
  46a42c2dd813adfc66dac9a44140aa5ef68e7f5a77a4d4681c022b20ae3ab377a5aae7a9fbd8819406de0216a955ccad85195cd6e914082f6df22473620b2ea0
- SSDEEP
  
  768:qWYgyJslZtUJX+/E3uO3f5+s/Caj6oq3X8t2g11f1432OWF0Z3BDg7tzwrNWd5g+:9eJu/0uc52Kh143HfkMGA081GXy3AUb2
Score

1^/10
behavioral20
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/ntasn1.dll
- Size
  
  148KB
- MD5
  
  0914f845f8da63add50278d5217d899c
- SHA1
  
  b79cc7d5f9bd7d191f8352432e82b0da8c20e2d8
- SHA256
  
  0d4aad23e30f85fdf8e8a74c4850972b815f268992e1a4232bad39205477f71f
- SHA512
  
  7ada4727c1ce75fb8c1085ce835b82761852aadd8c26ab03b8d7cdc092eba1d86f37e434a9a27804eae782f96d65fce90ce11c6ef457dd352a80673069eed44a
- SSDEEP
  
  1536:RqoAfOyiBJJ3coPctrSpUBwDliCHTL9NXHU1o9TBZYMOeAikemZ1/Jg1fB:RgfO/USeBFCHT3HU1gZaV1OB
Score

3^/10

discovery
behavioral21
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rasadhlp.dll
- Size
  
  12KB
- MD5
  
  2bdb750ce974d6fc447bd83042f65c2e
- SHA1
  
  293178a8fe40368ae654230ad5eaa5d600632d71
- SHA256
  
  44149b50b456326fe9afc59cfda485a975fc052f9437ba4c3007677a9b865630
- SHA512
  
  25e2cdcc4670ee67ec72e19270245966e3fab0a97e2cc2e86b5b281a3e85eb39613ed34a93f7e1895c2f15f7bae2faa964daedfc6d63275792a0631d635bc8c3
- SSDEEP
  
  192:B32HNPT+NX4dREFRPhZsrE7ji6c60cyEtq6vae2WpYWJn63:pm+NX4HEFlQrvFclqI2WpYW
Score

3^/10

discovery
behavioral22
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rasapi32.dll
- Size
  
  878KB
- MD5
  
  69b2f23f06420dd5919c2af8fb4be6f4
- SHA1
  
  9720b2ed320b58e48bbb6bca7b440b799956952f
- SHA256
  
  75da42558d25cc0019d68c9851cd0590fcdd706809cd1d40f354d209de8727f5
- SHA512
  
  ae6e633b89cecd21798b97f7408563af2f7a440c17471a62fced4054bd056bae61c796ea941977d60da1ee23ef1c5bd4f995262c48f5af93e4669f697eb6ae14
- SSDEEP
  
  24576:X29JJqlCO5AewHz7elq/MmBBwbH5x62yHN:G6s2lq/MmBwz62yt
Score

3^/10

discovery
behavioral23
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rawdump_01DC0000.exe
- Size
  
  1KB
- MD5
  
  d5f876317cc464877e5d8e90457903ef
- SHA1
  
  5b74846770a3fc4058bc98b2bc0b68119cddc129
- SHA256
  
  c47cbacbf5027956df4a67b5f49db3619d0226dec5c960d4f7dedd4e54a0948e
- SHA512
  
  fa76ea06610500876616fbdc92bff6407f5c62b32932a8f69993cb81bfa5743db2b3a52f1214859d6af611c4ac0eec9807d26f1c2fe7fc3b63b3c5f7bc703394
Score

1^/10
behavioral24 behavioral25
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rawdump_03C7B928.dll
- Size
  
  126KB
- MD5
  
  df1166fbdbab4ac7816321addb1fe30b
- SHA1
  
  185a3021c4f26d9ff328b2bace93bc21b21f5fa6
- SHA256
  
  fc825f452f741def2f11416f93e3a2d0477523ee70799de8dc98d227710fd248
- SHA512
  
  e6c2bcb6a613ec1d42c3709606a8cab1567d9327902dde484463200d8dcd4d10bed401a56899a7f27f0cb02ff626b72536baa03fc6d254c16d1557e5d5cda398
- SSDEEP
  
  1536:fI47bCYiWACk62smhs2A+d37gdQjs5OaHkKZR7o9E0o9es7cMRnsKL:fI47bCYQiY1Wkw8s7NsKL
Score

3^/10

discovery
behavioral26 behavioral27
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rawdump_05E00000.dll
- Size
  
  2KB
- MD5
  
  0470de2f97671e7148bdca31f2a7cd39
- SHA1
  
  4c92b49bfd22060dc5d9c8266a09e17ca412f9c0
- SHA256
  
  347f927fd2097d76fccef5135ed7aab7d44d7f6ab760cd96a0122aa3bc5f7b7e
- SHA512
  
  7b3e9a228256394fb6433e2dcf7f1c5c1e2a39e55ad79e2fac378438b416e48078628e4c2b47ebe730527816076bf419e37e83572c28b2125f78903087a5c5bc
Score

1^/10
behavioral28
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rawdump_088E0000.exe
- Size
  
  1KB
- MD5
  
  9488bca89843d024ff0cf7ca8f54a140
- SHA1
  
  11ca018efe5e35485b6966941910ae369fc4c9c8
- SHA256
  
  b1fc48521d04d56e41ddef4f85b25ca174f3b46739834b914661d975ed421d0d
- SHA512
  
  14170a2f031ef96e3f9850184e2a269ec7b6cf33ca70ccdb7e00a1b23f4b01cd7a8dda4e01c6b2b00b36ec6d3802fe8e4b6bb7b75c98d6035f47ee44384ad439
Score

1^/10
behavioral29 behavioral30
- Target
  
  Bawless Windows Cracked By Vidhayakji786/Logs/rawdump_092FBA55.exe
- Size
  
  157KB
- MD5
  
  77fdab910751ae4b3b437ed594ee1b4d
- SHA1
  
  04feabf0b665f3e4bc29950f7ffc291d9cc4a9d1
- SHA256
  
  ee0fbd09ef81052faa267adb297a644ab51e80245e66346f97e31834bae9814b
- SHA512
  
  6c5682df48028f0660e50d4e450cbd742f02668f46df2757920e0305ba4cb8cfa00221119a24f2916b4013b4569d7829ad8d5e4e98287c451410a87b4d883b2d
- SSDEEP
  
  3072:ZvCOiVCBJsloBT76JYFMyHJ1EBXv3U6N/ptI2oGCfDLs/eMRKXBogytZOaZ:ZMc4lo8JOMysFU6JUrs/egKX8tcaZ
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32