boxit
Static task
static1
General
-
Target
bruteratel_1.2.2.Scandinavian_Defense.tar.gz
-
Size
108.7MB
-
MD5
9b6badce82d865c5c9196521d6af1793
-
SHA1
2ad8b747c449a45d5828d8300fef140dd74c3a40
-
SHA256
591c2cd3a9b902a182fbf05bf5423cae17e3e6874c0d2e09107e914d86f39780
-
SHA512
4a99f4add86c46587e3968a593cd464b94289ced521a299632e6a37c48e8258aa3dd9d41e55242ef1459f62b58b92da8ee23f50cd5590ec62d7ebfaf1b302e44
-
SSDEEP
1572864:COszx449qkWzpycjjnPkagvRJlKftO2rsUBKYLDPOhbm641kybVU6DlF+wC4FG9P:A1TLWzgcjjTORTQteU8UTkCUI3vC
Malware Config
Signatures
Files
-
bruteratel_1.2.2.Scandinavian_Defense.tar.gz (tags: .gz)
-
sample.tar
-
bruteratel/Brute Ratel EULA.pdf (tags: .pdf)
-
bruteratel/adaptiveC2/README.md
-
bruteratel/adaptiveC2/adaptiveC2.py (tags: .py .sh linux)
-
bruteratel/adaptiveC2/cleanAllMsgs.py (tags: .py .sh linux)
-
bruteratel/adaptiveC2/proxylistener.py (tags: .py .sh linux)
-
bruteratel/adaptiveC2/shellcode.h
-
bruteratel/adaptiveC2/slack-connector.c
-
bruteratel/adhoc_scripts/badgerNotifier.py (tags: .py .sh linux)
-
bruteratel/adhoc_scripts/genssl.sh (tags: .sh linux)
-
bruteratel/adhoc_scripts/install.sh (tags: .sh linux)
-
bruteratel/adhoc_scripts/openssl_server.sh (tags: .sh linux)
-
bruteratel/adhoc_scripts/shellcode_loader_samples/Makefile
-
bruteratel/adhoc_scripts/shellcode_loader_samples/shellcode.c
-
bruteratel/adhoc_scripts/shellcode_loader_samples/shellcode.h
-
bruteratel/brute-ratel-armx64 (tags: .elf linux aarch64)
-
bruteratel/brute-ratel-linx64 (tags: .elf linux x64)
-
bruteratel/cert.pem
-
bruteratel/cleanUp.sh
-
bruteratel/commander-runme (tags: .sh linux)
-
bruteratel/key.pem
-
bruteratel/krb5decoder (tags: .elf linux x64)
-
bruteratel/lib64/QtWebEngineProcess (tags: .elf linux x64)
-
bruteratel/lib64/commander (tags: .elf linux x64)
-
bruteratel/lib64/icudtl.dat
-
bruteratel/lib64/lib/libQt5Core.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5DBus.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5Gui.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5Network.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5Positioning.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5PrintSupport.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5Qml.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5QmlModels.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5Quick.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5QuickWidgets.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5WebChannel.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5WebEngineCore.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5WebEngineWidgets.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5WebSockets.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5Widgets.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libQt5XcbQpa.so.5 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libicudata.so.56 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libicui18n.so.56 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libicuuc.so.56 (tags: .elf linux x64)
-
bruteratel/lib64/lib/libxcb-xinerama.so.0 (tags: .elf linux x64)
-
bruteratel/lib64/platforms/libX11-xcb.so.1 (tags: .elf linux x64)
-
bruteratel/lib64/platforms/libqxcb.so (tags: .elf linux x64)
-
bruteratel/lib64/qtwebengine_devtools_resources.pak
-
bruteratel/lib64/qtwebengine_resources.pak (tags: .js)
-
bruteratel/lib64/qtwebengine_resources_100p.pak (tags: .js)
-
bruteratel/lib64/qtwebengine_resources_200p.pak (tags: .js)
-
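bruteratel/server_confs/InternalMonologue.exe (tags: .exe windows x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (import-table hash, not a file hash; this value is shared by .NET executables whose only import is mscoree!_CorExeMain, so it does not identify this file)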
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bruteratel/server_confs/PowerView.ps1 (tags: .ps1)
-
bruteratel/server_confs/Seatbelt.exe (tags: .exe windows x86)
Imphash (import-table hash, not a file hash): f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bruteratel/server_confs/bofs/Makefile
-
bruteratel/server_confs/bofs/badger_exports.h
-
bruteratel/server_confs/bofs/decltest.c
-
bruteratel/server_confs/bofs/getdc.c
-
bruteratel/server_confs/bofs/harvester.c
-
bruteratel/server_confs/bofs/obj/decltest64.o
-
bruteratel/server_confs/bofs/obj/decltest86.o
-
bruteratel/server_confs/bofs/obj/getdc.o
-
bruteratel/server_confs/bofs/obj/getdc64.o
-
bruteratel/server_confs/bofs/obj/getdc86.o
-
bruteratel/server_confs/bofs/obj/harvester64.o
-
bruteratel/server_confs/bofs/obj/harvester86.o
-
bruteratel/server_confs/bofs/obj/shadowclone64.o
-
bruteratel/server_confs/bofs/obj/shadowclone86.o
-
bruteratel/server_confs/bofs/obj/vainject64.o
-
bruteratel/server_confs/bofs/obj/vainject86.o
-
bruteratel/server_confs/bofs/shadowclone.c
-
bruteratel/server_confs/bofs/vainject.c
-
bruteratel/server_confs/boxreflect.dll (tags: .dll windows x64)
Imphash (import-table hash, not a file hash): 838335c3ac93b36e75d51b7e1219f4b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
msvcrt
__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
fflush
free
fwrite
printf
puts
realloc
signal
strlen
strncmp
vfprintf
user32
MessageBoxA
Exports
Exports
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 71B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bruteratel/server_confs/brutereflect.dll (tags: .dll windows x64)
Imphash (import-table hash, not a file hash): 319d2308c252d70fd8212b20c6b8b698
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
msvcrt
__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
fflush
free
fwrite
puts
realloc
signal
strlen
strncmp
vfprintf
user32
MessageBoxA
Exports
Exports
bruteloader
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 1024B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 79B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bruteratel/server_confs/creds.csv
-
bruteratel/server_confs/demo-profile.conf
-
bruteratel/server_confs/doh-profile.conf
-
bruteratel/server_confs/hostnames.txt
-
bruteratel/server_confs/http-profile.conf
-
bruteratel/server_confs/patch_envexit/compile.bat
-
bruteratel/server_confs/patch_envexit/getEnvExitPtr.cs (tags: .js)
-
bruteratel/server_confs/patch_envexit/getEnvExitPtr.exe (tags: .exe windows x86)
Imphash (import-table hash, not a file hash): f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bruteratel/server_confs/patch_envexit/testEnvExit.cs
-
bruteratel/server_confs/patch_envexit/testEnvExit.exe (tags: .exe windows x86)
Imphash (import-table hash, not a file hash): f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bruteratel/server_confs/payloadprofile.conf
-
bruteratel/server_confs/proxylistener.py (tags: .py .sh linux)
-
bruteratel/xmodlib.bin