bruteratel | cf77442ede59690ba06c67f12b1bed7d337aa37a657286c77985565f4f815d0e

General

Target

cf77442ede59690ba06c67f12b1bed7d337aa37a657286c77985565f4f815d0e
Size

5.3MB
MD5

3b45a26ecd84a17c5170ac1448d0c3a5
SHA1

70f0ff2cf554ee6eb519dc63068459df41422628
SHA256

cf77442ede59690ba06c67f12b1bed7d337aa37a657286c77985565f4f815d0e
SHA512

2a34414b12ffa3d3a7781cc87c15ec4cb312385bb67b4ba2e3f05bceff1b71a55748e901c68fd3a6493c7ade39aadb392461d0ddb14ceb9004e734282909a320
SSDEEP

98304:F6j/mT8cBvwWwQXY3Zn3KcrFnijBwahnq7Q1/1DBYjzMWQLO6rhjjd3YAjnh4Pk3:JT8kv5XsJHpiVw6q7Q1NDKlQLOKGa4ZW

Score

10^/10

upx bruteratel

Malware Config

Extracted

Family

bruteratel

C2

6�^��}7�&��~8�*��9�(��0�)��-�_��=�+�� q�Q��w�W��e�E��r�R��t�T��y�Y��u�U��i�I� ��o�O��p�P��[�{��]�}�� a�A��s�S��d�D�� f�F��!g�G��"h�H��#j�J� ��$k�K��%l�L��&;�:��''�"��(`�~��)��\�:��z�Z��,x�X��-c�C��.v�V��/b�B��0n�N��1m�M� ��2,�<��3.�>��4/�?��5��*��r�� ;�T�^�h�<�U�_�i�=�V�`�j�>�W�a�k�?�X�b�l�@�Y�c�m�A�Z�d�n�B�[�e�o�C�\�f�p�D�]�g�q��G7��w��H8��I9��-��K4��s��5��M6��t��+��O1��u��P2��Q3��v��R0��S.��CorExitProcess��mscoree.dll�runtime error ��TLOSS error ��SING error ��DOMAIN error ��R6034 An application has made an attempt to load the C runtime library incorrectly. Please contact the application's support team for more information. ��R6033 - Attempt to use MSIL code from this assembly during native code initialization This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. ��R6032 - not enough space for locale information ��R6031 - Attempt to initialize the CRT more than once. This indicates a bug in your application. ��R6030 - CRT not initialized ��R6028 - unable to initialize heap ��R6027 - not enough space for lowio initialization ��R6026 - not enough space for stdio initialization ��R6025 - pure virtual function call ��R6024 - not enough space for _onexit/atexit table ��R6019 - unable to open console device ��R6018 - unexpected heap error ��R6017 - unexpected multithread lock error ��R6016 - not enough space for thread data � This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information. ��R6009 - not enough space for environment �R6008 - not enough space for arguments ��R6002 - floating point support not loaded ��Microsoft Visual C++ Runtime Library�� ...�<program name unknown>��Runtime Error! Program: ��x8B��8B�� !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{

ø,��#y��_�?q�k�ƚ�W�H:�P�X�:ǈuIl��<�{%��<�g�¤�� V��L��ۙ��^�=�Uχ��e �?e��ik�>iӿ�

>��-] )v�v�H��H��+��=�Z��l_��.(RI$G� ��+��: ��,L�kyt��ȖY6<y��d��1�xf��iڙQ�jz��?(��"��@?��R�=Ꮔ��t��o;�Y��sY~*��};�ƌ�ya<�4��T�&:�Ak��S

ץx��JG��K��V�3�>�v�z֋q{a�\Y�{�e��˷��;��Ǭ\�Z^�`��PI��:�{`�'�w?�Y

/�Z �A��ǯ�5��И4I6��l��H��Ev©'�O5��h�uYf�w�_nx7��ِ��8�5�k1\��__��}>��M�jS"lE��i��}��X��[Ѯ��#i.��ow��l��Оk��2��U�l��d��~p�'�� q��=�ͬn��xl��C��Z��V��%h>�z�^�iw��y��%�:�"�%��;��?�> �-�`�u/�":��.��l�j׶�d��Z5��1��w�%uf*�.�Ԃg��n��}^�R�K�_]G�l'��!M��A>��h�ǀ��-�mN��)�S ��*,f6�T��0�OJ]S�A��+��I@o�Q��N�=�6�ک�Z��#X�&�Wh��o�� *��-��?�z��x��~��CJ�欼G5��MmѢ�&�V��d��zwÔ��g�7 ��k�t�C{�mk_k�Yt��x� � '��VP�<�WQ�#�׺}�WKd,^Q'�!s��8�qր8��_�.x��1Zgú��~��-n�[.��6�'�>��djt�0��S��+�� W��V�E��W��E��`��'%�yx^��/��X��ǟ_��Q�MFy��1`�$�5/�61�Z�uߘ��8�G�L�+��ɠ

Attributes

c2_auth
e�?zN=:W�x�H�_��.��eh��Q��dP^��Z�G�ˡ^��5��,p?Rj��ᯁ�e��eu7�VX��>�F@�Ȧh�K��'❄r3�� r�Ҩ�I-�i��o�K1 �9��?#�m�i��j
uri
/@��/@��V@��W@��G_@��a@��c@��}d@��$e@�8e@��2h@��i@��

/�F�&�m��#�I2{#�cϵU�÷�o��-o��1h.��%]T��;N+վ*�gP�~ ��b��2W��tXjMlx��e�[Mg

��2��Zw�_j�E�-�[�N��8?�޺��q��j�Za�f��)/&M�s�~q؃��=s�U��u��n

/��γ�Ǹ��>k�y32z��}?*��A]Yӧ��)�2�h�ٮH��"18Q�PA9�@��

/�Z �A��ǯ�5��И4I6��l��H��Ev©'�O5��h�uYf�w�_nx7��ِ��8�5�k1\��__��}>��M�jS"lE��i��}��X��[Ѯ��#i.��ow��l��Оk��2��U�l��d��~p�'�� q��=�ͬn��xl��C��Z��V��%h>�z�^�iw��y��%�

/𔞾}��-lC��%7��/��_�%S�y��7K�[��M��`-K��d�/ӼK6��=k@Ktx�V��RN��

0;�5�_TA�;]&L/�%��?ĉjU�$��O��
user_agent
{��e��e��3�^

Signatures

Bruteratel family
bruteratel

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

cf77442ede59690ba06c67f12b1bed7d337aa37a657286c77985565f4f815d0e
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 17.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 901KB - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.4MB - Virtual size: 21.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 17.1MB

UPX1 Size: 5.3MB - Virtual size: 5.3MB

.rsrc Size: 33KB - Virtual size: 36KB

Headers

File Characteristics

Sections

CODE Size: 901KB - Virtual size: 900KB

DATA Size: 13KB - Virtual size: 12KB

BSS Size: - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 64KB - Virtual size: 64KB

.rsrc Size: 21.4MB - Virtual size: 21.4MB

UPX0
Size: - Virtual size: 17.1MB

UPX1
Size: 5.3MB - Virtual size: 5.3MB

.rsrc
Size: 33KB - Virtual size: 36KB

CODE
Size: 901KB - Virtual size: 900KB

DATA
Size: 13KB - Virtual size: 12KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 21.4MB - Virtual size: 21.4MB