bruteratel | 8144325e7af0e9b0d1de09d6f6b08854d7c7316b5340462d92b3cf61ece16148 | Triage

Sharing

General

Target

b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074.zip
Size

18KB
Sample

230105-zxtd4sdc86
MD5

d765e97bd50b652d18896329ee25d4d2
SHA1

9c0374a5a31d556558e9df932c794eff8058e0e5
SHA256

8144325e7af0e9b0d1de09d6f6b08854d7c7316b5340462d92b3cf61ece16148
SHA512

7cde85840e39793d6aaf6041bfe105d5044f4288e0bbcc9d34625ce565d246bea5b470ac23226dee98859c8bfd20ee8183f0430383f4b3bf128db922fece272f
SSDEEP

384:W5QPOlhh66LffrOt8Yqwx1U9E6/I0ijzCgYhYDRtvqbQU:E9Th66LLOt8TyU9/WCgcbQU

Score

10^/10

bruteratel systembc backdoor

Malware Config

Extracted

Family

systembc

C2

80.66.77.6:4001

80.66.77.60:4001

Extracted

Family

bruteratel

C2

45.43.2.62:443

Attributes

c2_auth
ransomness12345
uri
/blog
/view
/register
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Targets

- Target
  
  b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074
- Size
  
  46KB
- MD5
  
  20a1b981278554db005802d4d8e82596
- SHA1
  
  eaa9172c1cd7f38b17a5e8e952cfff6f5fe6a741
- SHA256
  
  b369ed704c293b76452ee1bdd99a69bbb76b393a4a9d404e0b5df59a00cff074
- SHA512
  
  63f8d3dae6ba43068962c02a54d560281aa4caf46b1c22b977ba89be975c744c1ea00b67d8e35cbcd8afbf01829e6033b536479d332c6acbc8ed0159ee6a70d1
- SSDEEP
  
  768:YMWqDAZLIY2vSDNBDHtsM+/KC9FY1XPEWFXJzuxUknWJbe57xUMvmPPBKPPELYaN:YFqDAZLIY2vShBDHts/99FY1XnQtncbK
Score

10^/10

bruteratel backdoor
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bruteratelbackdoor

behavioral2

bruteratelbackdoor