General

  • Target

    17500849207.zip

  • Size

    963KB

  • Sample

    240531-b8pcjabh49

  • MD5

    7862bf20b0e6a758f81d2439e7692140

  • SHA1

    2c6ad9547d08a06dcc879967aa0103047d4b4e0a

  • SHA256

    02a67610c40f402d8b1b7a27e315a641498fa4c09f4a47f593972d8888634385

  • SHA512

    16286507c823f751aad9e0b1277824d269485426fedf4e91ea69471c05d5b25a483287eb801c383f037d385d75b2406fd37377faad2ba63db665c77dd03c11da

  • SSDEEP

    12288:UAxSCqZQqN9L7xwjFTopBgPm7pe84zA6AXYqicWKI0mLtg7q3M0GZ/5ZAyMY:7QQqTxwTSQ836AoqWKI0mLtjM0wrMY

Score
10/10

Malware Config

Extracted

Family

bruteratel

C2

192.168.100.208:443

Attributes
  • c2_auth

    MGSG0CNUM8EHDLOC

  • uri

    /download.aspx

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
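The extracted config above yields three network indicators: the C2 endpoint, the beacon URI and the User-Agent. Two caveats before turning them into detections: 192.168.100.208 is RFC 1918 address space, so this sample was built to call back to lab or internal infrastructure and the IP is not a useful internet IOC; and the User-Agent is a stock Chrome 90 string that many legitimate clients send, so it should never fire on its own. The Python below is an added example, not part of the sandbox report, that turns the config into a proxy-log check requiring at least two of the three indicators to agree. The tab-separated log layout and the sample log lines are constructed for the example and do not represent any real product's format.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Indicators copied from the extracted Brute Ratel C4 config on this page.
C2_HOST = "192.168.100.208"
C2_PORT = 443
C2_URI = "/download.aspx"
C2_USER_AGENT = (
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
)


def c2_is_private() -> bool:
    """True when the configured C2 sits in RFC 1918 space (lab, not internet-facing)."""
    return ipaddress.ip_address(C2_HOST).is_private


@dataclass
class Hit:
    line_no: int          # 1-based index into the log
    src: str              # internal client that made the request
    reasons: list[str]    # which config indicators matched


def parse_line(line: str) -> dict:
    """Split one constructed proxy-log line.

    Assumed tab-separated layout (not a real product's format):
    ts, src, dst_ip, dst_port, method, uri, user_agent
    """
    ts, src, dst_ip, dst_port, method, uri, ua = line.rstrip("\n").split("\t", 6)
    return {
        "ts": ts, "src": src, "dst_ip": dst_ip, "dst_port": int(dst_port),
        "method": method, "uri": uri, "ua": ua,
    }


def match_indicators(rec: dict) -> list[str]:
    """Return the config indicators this request matches."""
    reasons = []
    if rec["dst_ip"] == C2_HOST and rec["dst_port"] == C2_PORT:
        reasons.append("dst=C2 endpoint")
    if rec["uri"] == C2_URI:
        reasons.append("uri=config uri")
    if rec["ua"] == C2_USER_AGENT:
        reasons.append("ua=config user_agent")
    return reasons


def scan(lines, min_matches: int = 2) -> list[Hit]:
    """Flag lines matching at least `min_matches` indicators.

    The UA is a stock Chrome 90 string, so UA alone is never enough; two
    agreeing indicators (e.g. C2 endpoint + URI) are required by default.
    """
    hits = []
    for n, line in enumerate(lines, start=1):
        rec = parse_line(line)
        reasons = match_indicators(rec)
        if len(reasons) >= min_matches:
            hits.append(Hit(n, rec["src"], reasons))
    return hits


# Constructed log lines for the example (not real traffic):
#   1: full beacon - endpoint, URI and UA all match
#   2: ordinary browsing with the same stock UA - must not fire
#   3: beacon whose operator changed the UA - endpoint + URI still match
#   4: unrelated request to a /download.aspx elsewhere - must not fire
SAMPLE_LOG = [
    "2024-05-31T09:14:02Z\t10.0.0.15\t192.168.100.208\t443\tGET\t/download.aspx\t" + C2_USER_AGENT,
    "2024-05-31T09:14:05Z\t10.0.0.22\t203.0.113.9\t443\tGET\t/index.html\t" + C2_USER_AGENT,
    "2024-05-31T09:15:02Z\t10.0.0.15\t192.168.100.208\t443\tPOST\t/download.aspx\tcurl/8.4.0",
    "2024-05-31T09:16:00Z\t10.0.0.31\t198.51.100.4\t80\tGET\t/download.aspx\tMozilla/5.0 (X11; Linux x86_64)",
]

if __name__ == "__main__":
    print("C2 in private address space:", c2_is_private())
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.src} -> {', '.join(hit.reasons)}")
```

Against the constructed log the scan flags lines 1 and 3 only: the stock-UA browsing on line 2 and the unrelated /download.aspx on line 4 each match a single indicator and stay below the threshold. Lowering `min_matches` to 1 fires on all four lines, which is the false-positive behaviour the threshold exists to avoid.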

Targets

    • Target

      06e75de2b3378426806fba7958a658bb8b6f55d88cc5ca77ee9d428f470cdccf

    • Size

      1.6MB

    • MD5

      dd95bb2662719e1aec56c76747d07a44

    • SHA1

      b34c98bfc8edb4946b6b89359d59e5d10fe39c25

    • SHA256

      06e75de2b3378426806fba7958a658bb8b6f55d88cc5ca77ee9d428f470cdccf

    • SHA512

      1967b3fc056ecc0570be80d4673af7e323c7600a5a9c95c460b0dd0cfe7310408e31f28337638415b5b1cd1516476223ea4b762e518aa222348fa4bd8fb6f57a

    • SSDEEP

      24576:8fzdIBSIyZupLDXXh0+KxF8CIS7G/lEeXxsDOlxpwv4zlPCSfNr3FYDN:lTXTKExS7G/VsDKHxlh1YD

    Score
    10/10
    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

MITRE ATT&CK Matrix

Tasks