General
Target: 17483149596.zip
Size: 965KB
Sample: 240531-b8tx1sag6t
MD5: 504609562f54fc080ffe0ff8f82d8ff3
SHA1: ef897ca9d6e17e5da6564c73348319cde3289059
SHA256: c536edebb7491226b30b81e732d34a2c5b44197c8f3d615f29da73711227f7d1
SHA512: 46fbce08d91ff7e609a13298c8b89234452bab5c86215e92630f0ae854723894d717780f747eec255975c3a9aa559f6bd0ba2f775a210d06636167e0b4255e3b
SSDEEP: 24576:riWrPHrTQZPyJtoSA7gOAOk1N5Deed/3QZu8Rl5rD4/:rpDHSPyJtox7gO7INljvQosl+/

Static task: static1

Behavioral task: behavioral1
Sample: bbdbef17dbcf2630ae19138d0dbcd34818a9f9a1167a7e6654f857a87bfe4fa3.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: bbdbef17dbcf2630ae19138d0dbcd34818a9f9a1167a7e6654f857a87bfe4fa3.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: bruteratel
C2: 192.168.100.208:443
c2_auth: U440A82KTMKMI7JF
uri: /eyyo.ashm
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Targets
Target: bbdbef17dbcf2630ae19138d0dbcd34818a9f9a1167a7e6654f857a87bfe4fa3
Size: 1.6MB
MD5: 87393a8d5f9fd299a9d490f6db54d88e
SHA1: 671a02684469c333481ec08ffee3af03ef7138d4
SHA256: bbdbef17dbcf2630ae19138d0dbcd34818a9f9a1167a7e6654f857a87bfe4fa3
SHA512: e7153ce3344cd3cb884da73f9894bd3544ffdcd8b47438c747de7783ea18098eef85c701b0bdbcff8cdc643a770464adf675d663e7a579779aee9109e1467ef1
SSDEEP: 24576:yXqSiBXT4As7FLUc2nZpvs9EFw4fUOpeYLVlSG6QXwstNU:yXfQ3cT2ZpvYEeWUSLVDFwd
Score: 10/10

Signatures
Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
Suspicious use of NtCreateUserProcessOtherParentProcess