General
-
Target
8064576172.zip
-
Size
108.2MB
-
Sample
220928-q4b9qsgaf2
-
MD5
f0d8f068fb11328b351f2f060a205429
-
SHA1
70637ef8dd72849a941c42290f44ced23a3ec334
-
SHA256
4b95213d319a62985493ec0930d7742c0e892323e39e121204693099858ce791
-
SHA512
cc262c45b2786cefac748c281c037b92d2bf836dd2bb43840f5fd57f1c71fd5b6fa48d6a04846b28ba3562626db353080e2c3465164de9de3c3875c00c750581
-
SSDEEP
3145728:hAwbUAOlme6yUhbF+MIs6X9XdBGVfBRao5PzpT74AEdU:hAwbUA0mekhb0a63uBb5PV4g
Static task
static1
Behavioral task
behavioral1
Sample
bruteratel/Brute Ratel EULA.pdf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bruteratel/Brute Ratel EULA.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
bruteratel/adaptiveC2/adaptiveC2.py
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral4
Sample
bruteratel/adaptiveC2/adaptiveC2.py
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral5
Sample
bruteratel/adaptiveC2/adaptiveC2.py
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral6
Sample
bruteratel/adaptiveC2/adaptiveC2.py
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral7
Sample
bruteratel/adaptiveC2/cleanAllMsgs.py
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral8
Sample
bruteratel/adaptiveC2/cleanAllMsgs.py
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral9
Sample
bruteratel/adaptiveC2/cleanAllMsgs.py
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral10
Sample
bruteratel/adaptiveC2/cleanAllMsgs.py
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral11
Sample
bruteratel/adaptiveC2/proxylistener.py
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral12
Sample
bruteratel/adaptiveC2/proxylistener.py
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral13
Sample
bruteratel/adaptiveC2/proxylistener.py
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral14
Sample
bruteratel/adaptiveC2/proxylistener.py
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral15
Sample
bruteratel/adhoc_scripts/badgerNotifier.py
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral16
Sample
bruteratel/adhoc_scripts/badgerNotifier.py
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral17
Sample
bruteratel/adhoc_scripts/badgerNotifier.py
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral18
Sample
bruteratel/adhoc_scripts/badgerNotifier.py
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral19
Sample
bruteratel/adhoc_scripts/genssl.sh
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral20
Sample
bruteratel/adhoc_scripts/genssl.sh
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral21
Sample
bruteratel/adhoc_scripts/genssl.sh
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral22
Sample
bruteratel/adhoc_scripts/genssl.sh
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral23
Sample
bruteratel/adhoc_scripts/install.sh
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral24
Sample
bruteratel/adhoc_scripts/install.sh
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral25
Sample
bruteratel/adhoc_scripts/install.sh
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral26
Sample
bruteratel/adhoc_scripts/install.sh
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral27
Sample
bruteratel/adhoc_scripts/openssl_server.sh
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral28
Sample
bruteratel/adhoc_scripts/openssl_server.sh
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral29
Sample
bruteratel/adhoc_scripts/openssl_server.sh
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral30
Sample
bruteratel/adhoc_scripts/openssl_server.sh
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral31
Sample
bruteratel/brute-ratel-armx64
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral32
Sample
bruteratel/brute-ratel-armx64
Resource
debian9-armhf-en-20211208
Malware Config
Targets
-
-
Target
bruteratel/Brute Ratel EULA.pdf
-
Size
45KB
-
MD5
94d9572d242dd7ae3bb0a506ceec9267
-
SHA1
9b627f7f1ce1ab79f6695f9ed203f40ee97a25c1
-
SHA256
cb2bab21c765e78f154ab41af4cb4b9e65997c919bba4c3fdee50e88bb63c74e
-
SHA512
fc44697c66bf64998a83266decbde07e3edc10f90b00e891234a30d9dc629c4dcd131c40fed767e700cdaf71e4ae6f112da97fdaf102cd18101e2d18c87ce2fc
-
SSDEEP
768:Ua3p/QXGHzC8H5uxvUErg/t26UTvQNAnJ8yizJDSLFaJ3bSRiZMH0GzQxJgPs/O6:NaXO5H5Krg9UTvQN0azzJDSh3RiiY+L2
Score 5/10
Drops file in System32 directory
-
-
-
Target
bruteratel/adaptiveC2/adaptiveC2.py
-
Size
11KB
-
MD5
e0ccf04cbb5a0c28cf1f4ea9c1f407b6
-
SHA1
2fb1d89db3e61aa3388574d1ac24bee1ee76bbf3
-
SHA256
87c98199dbe7426a50531436e345b601ca3388e879729ae2d0229be9b2e62a2f
-
SHA512
71d99020738c2110801fe3676f64b79cdc536539d96c53e4636455d3f65f5894e4e2f574b588eaf1b9d1b1c650d559d8f090add03dd08c5c4613f92932f876f8
-
SSDEEP
192:BWce98cMQcTMyWtjf2Pf4f6iouwSauLW27NumTzuLZN0sn79snaE4nHBhpLKMfXY:BW0QgBgJouwSauLh7NumTzuLZdn7Cnai
Score 9/10
Writes file to system bin folder
-
Write file to user bin folder
-
Writes file to shm directory
Malware can drop malicious files in the shm directory which will run directly from RAM.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-
-
-
Target
bruteratel/adaptiveC2/cleanAllMsgs.py
-
Size
3KB
-
MD5
8fc4193dcad1c6051f64d0d5d290e5be
-
SHA1
917aeaf442bb74c202651fbeb71c4880ca67bd50
-
SHA256
ca047e6ce2e434840a7f21ebb6924dd2c548aab76af85194323fcff596464771
-
SHA512
8d478f9aa186e118d4dbdc825fb82db13f2d6e55507fe265ab1f2f969068dae585875d46ab65d399f8a09e9432c8c531e6c5df357b8c7996c09f88b757a41300
Score 1/10
-
-
Target
bruteratel/adaptiveC2/proxylistener.py
-
Size
2KB
-
MD5
0c14628d61b5052fc464bb356f0dbad1
-
SHA1
08439cf282a0dc521157374c35bf5606e22ade92
-
SHA256
6ca25aefe22dee53506d311579e2d86852da14d5c3cc1b722f9a1af9ab384188
-
SHA512
3882593e899b625d28e1c9f309b238200d4e9878a50149c457a428324af6253aaa21d86b0577733b99ff924fad5d301d896f9fe26905ac8f51a53bf6f646f01e
Score 9/10
Writes file to system bin folder
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-
-
-
Target
bruteratel/adhoc_scripts/badgerNotifier.py
-
Size
4KB
-
MD5
206d540baa72f2df91f4c4b36bee984b
-
SHA1
f8e4a98bf0fbf2b8e9ddacf5fa39876af3bfd9eb
-
SHA256
115016a9a38aa9033fb814e57d839816566191099f3800eeaf9c2d2b584a4b2a
-
SHA512
7d2ed0538f7703320df3cdb16adb4d37590eae16ffa4aa74ecbd3b995d0749735df06248b92929a6cb19fefa1c574be97ce4740bcc270d5e569ff0bf49ccd8bd
-
SSDEEP
96:QtoSkpqZZfYad707qLn79sCL8e7ueGRaM9i:QtoH8ZfYaZ0sn79sCweLGRaM9i
Score 9/10
Writes file to system bin folder
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-
-
-
Target
bruteratel/adhoc_scripts/genssl.sh
-
Size
95B
-
MD5
cb38d264995eed9b111659b00709abc8
-
SHA1
62d6fe9558e01c7dfe1732a9c0905824f104e340
-
SHA256
b680bf943fa0917c2e376861aaf90842dac589ea3d7954bf77fae7222d4d8da9
-
SHA512
0e8ff897e38888e8608b40b626ac504db0c698a4c006c4d156ba77aa7bfa0fd72a0580641a27dafb16c4d35bd155d3835b59d2774bbfca4fc7b3f751405226ae
Score 5/10
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-
-
-
Target
bruteratel/adhoc_scripts/install.sh
-
Size
330B
-
MD5
824f22de9f76d0a488e117b397631521
-
SHA1
46a0146dc6a5f6e84cf00504bebe1fe9366c2e05
-
SHA256
2843bac3fdc0cfa82edb40dced2e17323097abbf4e3abd3cdce154920c916b90
-
SHA512
c5fed05e897769eb318fd4f0d039a966b6e82e4a977f8cf3a07fcc810be0c2f60cf9b01728ffdfa684833f3040772491d09d893600c3f0af7414f0252b392414
Score 8/10
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-
-
-
Target
bruteratel/adhoc_scripts/openssl_server.sh
-
Size
112B
-
MD5
8316ca8f06d9d5bed9bd65664f66c3a1
-
SHA1
14a7508bb1bcdd5354074b50b3bba3c56b573fa7
-
SHA256
6210719127067d5040b6fe72739e2cdbadbf54df59cc518efbfb3407af32f9ab
-
SHA512
6531e923fedb44edd8f69e7f9b0665115534e9876f10f137a54358ccdde6313daeca1aa1f5c778a357635a40727ee47f1a002b51cd8e16a032e774853f20901a
Score 5/10
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-
-
-
Target
bruteratel/brute-ratel-armx64
-
Size
6.4MB
-
MD5
7f33ff825c4860cb95a7f4ae09278cc5
-
SHA1
99674c9cf43bcd35976b3244bb01c637a525cdfe
-
SHA256
51d0a19dcb5fd8dc8c8a98666bb91341a15655de2789dfa842e891f2a71aa2e9
-
SHA512
e073329a92bd276a154dc20612af626c0cc708a075faf726c33814de006d8ec721d869247be5818bbc19f22bf38a4b8b4b13db24e26c3744e15498f74079d9a5
-
SSDEEP
49152:wTiV/co5rAj6zB2teyK/6xEGwZ+G325EkGJlRz2ySzXgp01:giV/co5cj6zBYeyK/6x/E76
Score 1/10