Extracted

• • Target

    neuro.msi

  • Size

    1.8MB

  • MD5

    3645512add0c8cb24a88d2ffe3fe7620

  • SHA1

    66dbfe6ffc1918f51b28af1abf55df0d1beaefe6

  • SHA256

    d71bfab9cca5df6a28e12ba51fe5eaf0f9151514b3fd363264513347a8c5cf3a

  • SHA512

    85151258ccb3b590716aed87c4a6a24ba74931aab0b378e279d9ab510fce94dfd26632d8ba44975e8136b1a9cc6c190e64c8b223f5f5e4f5b9cb3c6fb4a9429c

  • SSDEEP

    49152:/YM3YuW8zBQSc0ZnSKYZKumZr7AH6odeQCC:bY90ZniK/AHHdvCC

  Score

  10^/10

  bruteratelbackdoordiscoverypersistenceprivilege_escalationlatrodectusloader

  • Brute Ratel C4

    A customized command and control framework for red teaming and adversary simulation.

    backdoorbruteratel

  • Bruteratel family

    bruteratel

  • Detect BruteRatel badger

  • Latrodectus family

    latrodectus

  • Latrodectus loader

    Latrodectus is a loader written in C++.

    loaderlatrodectus

  • Detect larodectus Loader variant 2

    loader

  • Blocklisted process makes network request

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2behavioral3