8064576172[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8064576172.zip
Size

108.2MB
MD5

f0d8f068fb11328b351f2f060a205429
SHA1

70637ef8dd72849a941c42290f44ced23a3ec334
SHA256

4b95213d319a62985493ec0930d7742c0e892323e39e121204693099858ce791
SHA512

cc262c45b2786cefac748c281c037b92d2bf836dd2bb43840f5fd57f1c71fd5b6fa48d6a04846b28ba3562626db353080e2c3465164de9de3c3875c00c750581
SSDEEP

3145728:hAwbUAOlme6yUhbF+MIs6X9XdBGVfBRao5PzpT74AEdU:hAwbUA0mekhb0a63uBb5PV4g

Score

N/A

Malware Config

Signatures

Files

8064576172.zip
.zip

Password: infected
591c2cd3a9b902a182fbf05bf5423cae17e3e6874c0d2e09107e914d86f39780
.gz
591c2cd3a9b902a182fbf05bf5423cae17e3e6874c0d2e09107e914d86f39780
.tar
bruteratel/Brute Ratel EULA.pdf
.pdf
bruteratel/adaptiveC2/README.md
bruteratel/adaptiveC2/adaptiveC2.py
.py .sh linux
bruteratel/adaptiveC2/cleanAllMsgs.py
.py .sh linux
bruteratel/adaptiveC2/proxylistener.py
.py .sh linux
bruteratel/adaptiveC2/shellcode.h
bruteratel/adaptiveC2/slack-connector.c
bruteratel/adhoc_scripts/badgerNotifier.py
.py .sh linux
bruteratel/adhoc_scripts/genssl.sh
.sh linux
bruteratel/adhoc_scripts/install.sh
.sh linux
bruteratel/adhoc_scripts/openssl_server.sh
.sh linux
bruteratel/adhoc_scripts/shellcode_loader_samples/Makefile
bruteratel/adhoc_scripts/shellcode_loader_samples/shellcode.c
bruteratel/adhoc_scripts/shellcode_loader_samples/shellcode.h
bruteratel/brute-ratel-armx64
.elf linux aarch64
bruteratel/brute-ratel-linx64
.elf linux x64
bruteratel/cert.pem
bruteratel/cleanUp.sh
bruteratel/commander-runme
.sh linux
bruteratel/key.pem
bruteratel/krb5decoder
.elf linux x64
bruteratel/lib64/QtWebEngineProcess
.elf linux x64
bruteratel/lib64/commander
.elf linux x64
bruteratel/lib64/icudtl.dat
bruteratel/lib64/lib/libQt5Core.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5DBus.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5Gui.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5Network.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5Positioning.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5PrintSupport.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5Qml.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5QmlModels.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5Quick.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5QuickWidgets.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5WebChannel.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5WebEngineCore.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5WebEngineWidgets.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5WebSockets.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5Widgets.so.5
.elf linux x64
bruteratel/lib64/lib/libQt5XcbQpa.so.5
.elf linux x64
bruteratel/lib64/lib/libicudata.so.56
.elf linux x64
bruteratel/lib64/lib/libicui18n.so.56
.elf linux x64
bruteratel/lib64/lib/libicuuc.so.56
.elf linux x64
bruteratel/lib64/lib/libxcb-xinerama.so.0
.elf linux x64
bruteratel/lib64/platforms/libX11-xcb.so.1
.elf linux x64
bruteratel/lib64/platforms/libqxcb.so
.elf linux x64
bruteratel/lib64/qtwebengine_devtools_resources.pak
bruteratel/lib64/qtwebengine_resources.pak
.js
bruteratel/lib64/qtwebengine_resources_100p.pak
.js
bruteratel/lib64/qtwebengine_resources_200p.pak
.js
bruteratel/server_confs/InternalMonologue.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bruteratel/server_confs/PowerView.ps1
.ps1
bruteratel/server_confs/Seatbelt.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bruteratel/server_confs/bofs/Makefile
bruteratel/server_confs/bofs/badger_exports.h
bruteratel/server_confs/bofs/decltest.c
bruteratel/server_confs/bofs/getdc.c
bruteratel/server_confs/bofs/harvester.c
bruteratel/server_confs/bofs/obj/decltest64.o
bruteratel/server_confs/bofs/obj/decltest86.o
bruteratel/server_confs/bofs/obj/getdc.o
bruteratel/server_confs/bofs/obj/getdc64.o
bruteratel/server_confs/bofs/obj/getdc86.o
bruteratel/server_confs/bofs/obj/harvester64.o
bruteratel/server_confs/bofs/obj/harvester86.o
bruteratel/server_confs/bofs/obj/shadowclone64.o
bruteratel/server_confs/bofs/obj/shadowclone86.o
bruteratel/server_confs/bofs/obj/vainject64.o
bruteratel/server_confs/bofs/obj/vainject86.o
bruteratel/server_confs/bofs/shadowclone.c
bruteratel/server_confs/bofs/vainject.c
bruteratel/server_confs/boxreflect.dll
.dll windows x64

838335c3ac93b36e75d51b7e1219f4b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
fflush
free
fwrite
printf
puts
realloc
signal
strlen
strncmp
vfprintf

user32

MessageBoxA

Exports

Exports

boxit

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bruteratel/server_confs/brutereflect.dll
.dll windows x64

319d2308c252d70fd8212b20c6b8b698

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
fflush
free
fwrite
puts
realloc
signal
strlen
strncmp
vfprintf

user32

MessageBoxA

Exports

Exports

bruteloader

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bruteratel/server_confs/creds.csv
bruteratel/server_confs/demo-profile.conf
bruteratel/server_confs/doh-profile.conf
bruteratel/server_confs/hostnames.txt
bruteratel/server_confs/http-profile.conf
bruteratel/server_confs/patch_envexit/compile.bat
bruteratel/server_confs/patch_envexit/getEnvExitPtr.cs
.js
bruteratel/server_confs/patch_envexit/getEnvExitPtr.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bruteratel/server_confs/patch_envexit/testEnvExit.cs
bruteratel/server_confs/patch_envexit/testEnvExit.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bruteratel/server_confs/payloadprofile.conf
bruteratel/server_confs/proxylistener.py
.py .sh linux
bruteratel/xmodlib.bin

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 18KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 154KB - Virtual size: 153KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

838335c3ac93b36e75d51b7e1219f4b0

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 96B

.rdata Size: 1024B - Virtual size: 784B

.pdata Size: 1024B - Virtual size: 540B

.xdata Size: 512B - Virtual size: 428B

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 71B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 92B

319d2308c252d70fd8212b20c6b8b698

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 96B

.rdata Size: 1024B - Virtual size: 784B

.pdata Size: 1024B - Virtual size: 552B

.xdata Size: 512B - Virtual size: 436B

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 79B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 92B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

.text
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 154KB - Virtual size: 153KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 96B

.rdata
Size: 1024B - Virtual size: 784B

.pdata
Size: 1024B - Virtual size: 540B

.xdata
Size: 512B - Virtual size: 428B

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 71B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 96B

.rdata
Size: 1024B - Virtual size: 784B

.pdata
Size: 1024B - Virtual size: 552B

.xdata
Size: 512B - Virtual size: 436B

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 79B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1024B - Virtual size: 980B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B