General
Target: b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074.zip
Size: 18KB
Sample: 230105-zxtd4sdc86
MD5: d765e97bd50b652d18896329ee25d4d2
SHA1: 9c0374a5a31d556558e9df932c794eff8058e0e5
SHA256: 8144325e7af0e9b0d1de09d6f6b08854d7c7316b5340462d92b3cf61ece16148
SHA512: 7cde85840e39793d6aaf6041bfe105d5044f4288e0bbcc9d34625ce565d246bea5b470ac23226dee98859c8bfd20ee8183f0430383f4b3bf128db922fece272f
SSDEEP: 384:W5QPOlhh66LffrOt8Yqwx1U9E6/I0ijzCgYhYDRtvqbQU:E9Th66LLOt8TyU9/WCgcbQU
Behavioral task: behavioral1
Sample: b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074.dll
Resource: win10v2004-20220812-en
Malware Config
Extracted: systembc
80.66.77.6:4001
80.66.77.60:4001

Extracted: bruteratel
45.43.2.62:443
c2_auth: ransomness12345
uri: /blog, /view, /register
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Targets
Target: b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074
Size: 46KB
MD5: 20a1b981278554db005802d4d8e82596
SHA1: eaa9172c1cd7f38b17a5e8e952cfff6f5fe6a741
SHA256: b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074
SHA512: 63f8d3dae6ba43068962c02a54d560281aa4caf46b1c22b977ba89be975c744c1ea00b67d8e35cbcd8afbf01829e6033b536479d332c6acbc8ed0159ee6a70d1
SSDEEP: 768:YMWqDAZLIY2vSDNBDHtsM+/KC9FY1XPEWFXJzuxUknWJbe57xUMvmPPBKPPELYaN:YFqDAZLIY2vShBDHts/99FY1XnQtncbK
Score: 10/10
Brute Ratel C4: a customized command and control framework for red teaming and adversary simulation.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory