General

  • Target

    17483149596.zip

  • Size

    965KB

  • Sample

    240531-b8tx1sag6t

  • MD5

    504609562f54fc080ffe0ff8f82d8ff3

  • SHA1

    ef897ca9d6e17e5da6564c73348319cde3289059

  • SHA256

    c536edebb7491226b30b81e732d34a2c5b44197c8f3d615f29da73711227f7d1

  • SHA512

    46fbce08d91ff7e609a13298c8b89234452bab5c86215e92630f0ae854723894d717780f747eec255975c3a9aa559f6bd0ba2f775a210d06636167e0b4255e3b

  • SSDEEP

    24576:riWrPHrTQZPyJtoSA7gOAOk1N5Deed/3QZu8Rl5rD4/:rpDHSPyJtox7gO7INljvQosl+/

Score
10/10

Malware Config

Extracted

Family

bruteratel

C2

192.168.100.208:443

Attributes
  • c2_auth

    U440A82KTMKMI7JF

  • uri

    /eyyo.ashm

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
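The extracted configuration gives three network indicators a defender can pivot on: the C2 endpoint, the check-in URI and the hard-coded User-Agent. Two caveats before using them. The C2 address 192.168.100.208 is in RFC 1918 private space, so this sample was built for a lab or internal engagement and the IP will not match anything on the public internet; the URI and User-Agent travel with the payload and are the more portable indicators. The User-Agent, however, is a genuine Chrome 90 string, so on its own it only says "outdated browser", not "Brute Ratel". The script below, an added example that is not part of the sandbox report or of Brute Ratel itself, runs those indicators over proxy log lines; the log format and the log lines are constructed for the example, and the c2_auth value is not used because it is not visible in a proxy log.

```python
"""Match proxy log lines against the Brute Ratel C4 config extracted above.

Added example; not from the sandbox report or the Brute Ratel project.
The log format and the sample lines are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Indicators copied from the "Malware Config" section of the report.
C2_HOST = "192.168.100.208"        # RFC 1918: lab infrastructure, not internet-routable
C2_PORT = 443
C2_URI = "/eyyo.ashm"
C2_USER_AGENT = (
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
)

# Assumed (constructed) proxy log format:
#   <timestamp> <src_ip> <dst_ip>:<dst_port> <method> <uri> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+'
    r'(?P<method>[A-Z]+)\s+(?P<uri>\S+)\s+"(?P<ua>[^"]*)"$'
)

# Constructed sample log: one full beacon, one benign Chrome 90 client,
# one check-in to the same URI on different infrastructure, one clean
# request and one malformed line.
SAMPLE_LOG = [
    '2024-05-31T10:00:01Z 10.0.0.15 192.168.100.208:443 GET /eyyo.ashm "' + C2_USER_AGENT + '"',
    '2024-05-31T10:00:05Z 10.0.0.22 142.250.74.46:443 GET /search?q=x "' + C2_USER_AGENT + '"',
    '2024-05-31T10:00:09Z 10.0.0.15 203.0.113.7:443 POST /eyyo.ashm?id=1 "curl/8.0"',
    '2024-05-31T10:00:12Z 10.0.0.30 93.184.216.34:80 GET /index.html "Mozilla/5.0 Chrome/124.0"',
    'this line is not in the expected format',
]


@dataclass
class Hit:
    line_no: int
    src: str
    reasons: tuple
    severity: str


def parse(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def indicators(fields):
    """List which of the extracted indicators a parsed log line matches."""
    reasons = []
    if fields["dst"] == C2_HOST and int(fields["port"]) == C2_PORT:
        reasons.append("c2_endpoint")
    # Compare the path only, so a query string does not defeat the match.
    if fields["uri"].split("?", 1)[0] == C2_URI:
        reasons.append("c2_uri")
    if fields["ua"] == C2_USER_AGENT:
        reasons.append("c2_user_agent")
    return reasons


def severity(reasons):
    """Endpoint or URI hits are high fidelity; the User-Agent alone is a
    real Chrome 90 string that outdated browsers also send, so rate it low."""
    if "c2_endpoint" in reasons or "c2_uri" in reasons:
        return "high"
    return "low" if reasons else "none"


def scan(lines):
    """Run every line through the indicator checks and collect the hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = parse(line)
        if fields is None:
            continue
        reasons = tuple(indicators(fields))
        if reasons:
            hits.append(Hit(n, fields["src"], reasons, severity(reasons)))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no} src={h.src} severity={h.severity} {h.reasons}")
```

The third sample line shows why the URI is worth keeping as a separate indicator: the same beacon path showing up against a different host is the pattern to expect if the operator re-points the payload at new infrastructure.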

Targets

    • Target

      bbdbef17dbcf2630ae19138d0dbcd34818a9f9a1167a7e6654f857a87bfe4fa3

    • Size

      1.6MB

    • MD5

      87393a8d5f9fd299a9d490f6db54d88e

    • SHA1

      671a02684469c333481ec08ffee3af03ef7138d4

    • SHA256

      bbdbef17dbcf2630ae19138d0dbcd34818a9f9a1167a7e6654f857a87bfe4fa3

    • SHA512

      e7153ce3344cd3cb884da73f9894bd3544ffdcd8b47438c747de7783ea18098eef85c701b0bdbcff8cdc643a770464adf675d663e7a579779aee9109e1467ef1

    • SSDEEP

      24576:yXqSiBXT4As7FLUc2nZpvs9EFw4fUOpeYLVlSG6QXwstNU:yXfQ3cT2ZpvYEeWUSLVDFwd

    Score
    10/10
    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process created under a parent other than the caller, i.e. parent PID spoofing)
