bruteratel | 714944899f2b0fe6496ac15359ba90fb9d9891a84111fc7dc3cd5b1093b17347 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 12:44

Sharing

Report Analysis Logs

General

Target

twist.dll
Size

1.9MB
MD5

33fe5e2d127a35797c7086a0d1ff1102
SHA1

b6c6a5396a23b1aee2e5bac94eff70822f59b125
SHA256

714944899f2b0fe6496ac15359ba90fb9d9891a84111fc7dc3cd5b1093b17347
SHA512

7882fbb011fe4c0ca12491d2cde92090a512944d6eebbeedc10e05bde07bdd87359b1c28941b50b6bebc5416215931e67e178fe2ee7e6013d9d58a5fae459930
SSDEEP

24576:2g7GfSjvBt2ptVDe6jKBNu9+oyOjTCXM79Keh6ykUEPP3:2g7OSNkw7CEoyuuXmUehjkUS

Score

10^/10

bruteratel backdoor

Malware Config

Signatures

Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
backdoor bruteratel

Detect BruteRatel badger 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2612-10-0x0000016627680000-0x00000166276BE000-memory.dmp	family_bruteratel

Blocklisted process makes network request 12 IoCs

Processes:

rundll32.exe

flow	pid	Process
25	2612	rundll32.exe
28	2612	rundll32.exe
30	2612	rundll32.exe
37	2612	rundll32.exe
39	2612	rundll32.exe
41	2612	rundll32.exe
47	2612	rundll32.exe
50	2612	rundll32.exe
66	2612	rundll32.exe
88	2612	rundll32.exe
90	2612	rundll32.exe
92	2612	rundll32.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

rundll32.exe

pid	Process
2612	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\twist.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2612-10-0x0000016627680000-0x00000166276BE000-memory.dmp

Filesize
248KB

Download
memory/2612-1-0x00000166276C0000-0x000001662770C000-memory.dmp

Filesize
304KB

Download
memory/2612-0-0x0000016627680000-0x00000166276BE000-memory.dmp

Filesize
248KB

Download
memory/2612-29-0x00000166276C0000-0x000001662770C000-memory.dmp

Filesize
304KB

Download