General

  • Target

    Client.exe

  • Size

    158KB

  • Sample

    241207-nwtspswqhp

  • MD5

    3c4f1cd073b3e89ecb68d543bf5993c0

  • SHA1

    61e177312b22fbc4e2688d3e89fa9b109730d559

  • SHA256

    d14ea2e8707de582868781011b9a07cdbe1c855b5beab114e5ffcc0689bd0550

  • SHA512

    f9b39743df2e2e34fa1bfc72783e9e2a2f893227b27624d1016e915f46a32e9d21cf443d3a8c6a077d9ddd767df82c5eca0f08e633fbf3b02cfb9bcbe694562e

  • SSDEEP

    3072:KbzkH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPtxO8Y:Kbzke0ODhTEPgnjuIJzo+PPcfPt88

Malware Config

Extracted

  • Family

    arrowrat

  • Botnet

    Client

  • C2

    given-aim.gl.at.ply.gg:20904

  • Mutex

    akFknoCvQ

Targets

    • Target

      Client.exe

    • Size

      158KB

    • ArrowRat

      Remote access tool with various capabilities first seen in late 2021.

    • Arrowrat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks