Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/03/2024, 23:25

General

  • Target

    84c38b94169f02861cf2a2b9450d057b642f2a76cf43b7fe145dd76b09d50ea2.exe

  • Size

    564KB

  • MD5

    38cc0e9b4e311ff18637fb963e9fe3a1

  • SHA1

    7555a776240311ec759a62735ae9d312ed0e6d72

  • SHA256

    84c38b94169f02861cf2a2b9450d057b642f2a76cf43b7fe145dd76b09d50ea2

  • SHA512

    bc081330275d6d7571ef7f5fb1ffaf78f7e6ed0e24bdd16a3bfbc3f0b34442542671b58c2561ed5967c6167d652b2d4c61e4c66d4b57c2b074c55c6dbe450630

  • SSDEEP

    12288:PNdWZZ/Fdqh4JdSstHhP/tIGEwccymDhX:PXWZZ/Fd64HBJhP/tztNbZ

Score
10/10

Malware Config

Extracted

Family

bruteratel

C2

192.168.2.5:443

Attributes
  • c2_auth

    LIHCPED9C9IMM0M7

  • uri

    /admin.php

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Signatures

  • Brute Ratel C4

    A customized command and control framework for red teaming and adversary simulation.

  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\84c38b94169f02861cf2a2b9450d057b642f2a76cf43b7fe145dd76b09d50ea2.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\84c38b94169f02861cf2a2b9450d057b642f2a76cf43b7fe145dd76b09d50ea2.exe"
    PID: 1456
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\WerFault.exe (child process)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 56
      PID: 1548
      • Program crash

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1456-0-0x0000000000410000-0x0000000000465000-memory.dmp

    Filesize

    340KB

  • memory/1456-1-0x0000000000970000-0x00000000009FF000-memory.dmp

    Filesize

    572KB