Extracted

• • Target

    79ec7c271adcd148064e5324c66d8ea9c1eefd81c44bde7c9ca754f4fb9d80b3.exe

  • Size

    158KB

  • MD5

    7e139460393ef5092b11eff0adbd46f8

  • SHA1

    5ae92024865a0a52f76898327780e21304d3e35f

  • SHA256

    79ec7c271adcd148064e5324c66d8ea9c1eefd81c44bde7c9ca754f4fb9d80b3

  • SHA512

    a852f02e3528ec4bfa3de2aae232acf7a78474303b6221c64965a3eaec55a7e4636cb2fad2e936346dc5e374ec589406b99a68b390dd19a7d1f63b7821fe19ae

  • SSDEEP

    3072:MbztH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPWOO8Y:Mbzte0ODhTEPgnjuIJzo+PPcfPWB8

  Score

  10^/10

  arrowratclientpersistenceratdiscovery

  • ArrowRat

    Remote access tool with various capabilities first seen in late 2021.

    ratarrowrat

  • Arrowrat family

    arrowrat

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2