General

  • Target

    Bawless Cracked@Neural_Programmers.zip

  • Size

    13.5MB

  • MD5

    6555ada478f5009c224e953f030943ee

  • SHA1

    35719dca8ce05441e489d82f8d90debf7166ba11

  • SHA256

    35476eff95efc92ff88a5d35b8f58a46e04d4cba91746d78e6b7a206e44dd14c

  • SHA512

    bc5057d56fac9009f856a3718a243a57381e8ce2021640f96601170122b64eb0575ef8e070a0341aa6f2d5dad7f3fa93e12593c49afc9d839a6ecefa9ae5afc1

  • SSDEEP

    393216:+ylvkZPZo3MMqhaSGJ5UMQX7hAdHYWQvukalUcVotUu65:+K821dJiF7OdHYxmflDV465

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

C2

%Hosts%:%Ports%

Mutex

%MTX%

Signatures

  • Arrowrat family
  • Async RAT payload 2 IoCs
  • Asyncrat family
  • Unsigned PE 33 IoCs

    Checks for missing Authenticode signature.

Files

  • Bawless Cracked@Neural_Programmers.zip
    .zip
  • Bawless Cracked@Neural_Programmers/Bawless.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Bawless.exe.config
    .xml
  • Bawless Cracked@Neural_Programmers/Bawless.pdb
  • Bawless Cracked@Neural_Programmers/BouncyCastle.Crypto.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/FontsInstaller.dll
    .dll .vbs windows:4 windows x86 arch:x86 polyglot

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Guna.Charts.WinForms.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/IconExtractor.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Audio.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Chat.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Discord.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Extra.dll
    .dll .ps1 windows:4 windows x86 arch:x86 polyglot

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/FileManager.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/FileSearcher.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Fun.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Information.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Keylogger.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Logger.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/MessagePackLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Miscellaneous.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Netstat.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Options.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/ProcessManager.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Recovery.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/Regedit.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/RemoteCamera.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/RemoteDesktop.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/ReverseProxy.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/SendFile.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Plugins/SendMemory.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/ServerCertificate.p12
  • Bawless Cracked@Neural_Programmers/ServerCertificate.pfx
  • Bawless Cracked@Neural_Programmers/Stub/Client.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Stub/Client.pdb
  • Bawless Cracked@Neural_Programmers/Stub/client
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/Vestris.ResourceLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/cGeoIp.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/dnlib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Bawless Cracked@Neural_Programmers/protobuf-net.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections