bruteratel | 1563c707316c4b74e1b697d924ac22c1

Sharing

Copy URL Twitter E-mail

General

Target

1563c707316c4b74e1b697d924ac22c1
Size

567KB
MD5

1563c707316c4b74e1b697d924ac22c1
SHA1

2154b9fdeff4a729984a1e4e9152ddf13ce428dc
SHA256

cab0da87966e3c0994f4e46f30fe73624528d69f8a1c3b8a1857962e231a082b
SHA512

b389f945d1fc5679d35e08933d401dcd592136f6d999482ed5866173a1a8b2ae2e9747d815de1221197d5530918be9aee11d6d91e11c9fc7be60dbd54e962d82
SSDEEP

12288:lPfN/y7YUrL08z+YOC/VON7O8Q8SYXfGhB:lXNa7YUMYC7TQXwfGH

Score

10^/10

bruteratel

Malware Config

Extracted

Family

bruteratel

d1mk8l112pgjru.cloudfront.net,d1ashlvz1t40i3.cloudfront.net:443

Attributes

c2_auth
QP5DD3SET7UMG8KB
uri
/precious-versions/onedrive

/latest/developer/documents
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36

Signatures

Bruteratel family
bruteratel

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1563c707316c4b74e1b697d924ac22c1

Files

1563c707316c4b74e1b697d924ac22c1
.dll windows:6 windows x64 arch:x64

f70c41d0af3624ee1f132f4c9a493cd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect

user32

EnumChildWindows

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memcpy
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 285KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 14B

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f70c41d0af3624ee1f132f4c9a493cd3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 274KB - Virtual size: 273KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 285KB - Virtual size: 286KB

.pdata Size: 512B - Virtual size: 480B

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 8B

.voltbl Size: 512B - Virtual size: 14B

.rsrc Size: 512B - Virtual size: 232B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 274KB - Virtual size: 273KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 285KB - Virtual size: 286KB

.pdata
Size: 512B - Virtual size: 480B

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 8B

.voltbl
Size: 512B - Virtual size: 14B

.rsrc
Size: 512B - Virtual size: 232B

.reloc
Size: 512B - Virtual size: 48B