Extracted

• • Target

    MSI.msi

  • Size

    1.5MB

  • MD5

    b4a482a7e96cfdef632a7af286120156

  • SHA1

    73e3639a9388af84b9c0f172b3aeaf3823014596

  • SHA256

    ead5ebf464c313176174ff0fdc3360a3477f6361d0947221d31287eeb04691b3

  • SHA512

    15661f1dc751a48f5d213ec99c046e0b9fa1a2201d238d26bee0f15341e9d84611c30f152c463368c6d59f3e7cccb5ae991b1f3127ad65eb3a2ea7823d3b598b

  • SSDEEP

    49152:oIR3YuW8zBQSc0ZnSKYZKumZr7ANCuyspI:FY90ZniK/A8uR

  Score

  10^/10

  bruteratelbackdoordiscoverypersistenceprivilege_escalationlatrodectusloader

  • Brute Ratel C4

    A customized command and control framework for red teaming and adversary simulation.

    backdoorbruteratel

  • Bruteratel family

    bruteratel

  • Detect BruteRatel badger

  • Latrodectus family

    latrodectus

  • Latrodectus loader

    Latrodectus is a loader written in C++.

    loaderlatrodectus

  • Detect larodectus Loader variant 2

    loader

  • Blocklisted process makes network request

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2