bruteratel | 9003415cc22d4e8b3c444ffcf84bb3f1c3a294d40d1f66329733edfc8472a7d2 | Triage

Submit
Reports

Overview

overview

Static

static

1

Form_Ver-16-46-33.js

windows7-x64

Form_Ver-16-46-33.js

windows10-2004-x64

Form_Ver-16-46-33.js

windows11-21h2-x64

Sharing

General

Target

Form_Ver-16-46-33.js
Size

572KB
Sample

240627-sc787swfrc
MD5

b1da07a445bfdf809306f5fe74e54d67
SHA1

3cec038e474050c290bdf4e670a36f482032ed68
SHA256

9003415cc22d4e8b3c444ffcf84bb3f1c3a294d40d1f66329733edfc8472a7d2
SHA512

728b321b98f45fc6cd1395ee5a34c1ee06ca17800c35ec1ee7f19ac3219aa8fc805140e6d0ecc25a638f8c815db541380d0651df2ff448121477ed3445bd6637
SSDEEP

6144:kMuyrXL4P/YsoZR3U52fYiGnh2xFpMp4/KJHaWTyFIXgBoEKnDmmzPvKYUNul8D7:kM/74PPitCt4XGlgJ5+Dk

Score

10^/10

bruteratel latrodectus backdoor discovery execution loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

Form_Ver-16-46-33.js

Resource

win7-20231129-en

bruteratel latrodectus backdoor discovery execution loader persistence

windows7-x64

13 signatures

1200 seconds

Behavioral task

behavioral2

Sample

Form_Ver-16-46-33.js

Resource

win10v2004-20240508-en

bruteratel backdoor discovery execution

windows10-2004-x64

10 signatures

1200 seconds

Behavioral task

behavioral3

Sample

Form_Ver-16-46-33.js

Resource

win11-20240611-en

bruteratel backdoor discovery execution

windows11-21h2-x64

10 signatures

1200 seconds

Malware Config

Extracted

Family

latrodectus

C2

https://finjuiceer.com/live/

https://trymeakafr.com/live/

Targets

- Target
  
  Form_Ver-16-46-33.js
- Size
  
  572KB
- MD5
  
  b1da07a445bfdf809306f5fe74e54d67
- SHA1
  
  3cec038e474050c290bdf4e670a36f482032ed68
- SHA256
  
  9003415cc22d4e8b3c444ffcf84bb3f1c3a294d40d1f66329733edfc8472a7d2
- SHA512
  
  728b321b98f45fc6cd1395ee5a34c1ee06ca17800c35ec1ee7f19ac3219aa8fc805140e6d0ecc25a638f8c815db541380d0651df2ff448121477ed3445bd6637
- SSDEEP
  
  6144:kMuyrXL4P/YsoZR3U52fYiGnh2xFpMp4/KJHaWTyFIXgBoEKnDmmzPvKYUNul8D7:kM/74PPitCt4XGlgJ5+Dk
Score

10^/10

bruteratel latrodectus backdoor discovery execution loader persistence
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Detect larodectus Loader variant 2
  loader
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bruteratellatrodectusbackdoordiscoveryexecutionloaderpersistence

behavioral2

bruteratelbackdoordiscoveryexecution

behavioral3

bruteratelbackdoordiscoveryexecution

© 2018-2025

Terms | Privacy