bruteratel | 4ea5258eb8acf1e4627a6a91f4985ac541adde0ebd44eb4ea32d7448b7db230e | Triage

Sharing

General

Target

bulk-download.rl.zip
Size

1.8MB
Sample

241025-mfgyjayajh
MD5

d44a1d977e95b40af083391f0e196712
SHA1

00aee69aacd9b89175cc6eeca01e31d20c70a1aa
SHA256

4ea5258eb8acf1e4627a6a91f4985ac541adde0ebd44eb4ea32d7448b7db230e
SHA512

15679812842dac18b8bb703b69b0b38199d0ed8128e68b0c3a151f2b6aa9c541ff5e22bd6ef5d97e8c10f479a7d60ccfcbf99d8023df5d3ce176bfa2d4e837f7
SSDEEP

49152:BOtmp+JIZ+8CRm7bEYWfWzH4A6elh5alX1y68:2mkJIc8r2+zYA6ov68

Score

10^/10

bruteratel backdoor

Malware Config

Targets

- Target
  
  0a249bd7ff613a7c5e52fea8bd01881b852c1966
- Size
  
  490KB
- MD5
  
  be473eb6114567c37bc61f6fd176a149
- SHA1
  
  0a249bd7ff613a7c5e52fea8bd01881b852c1966
- SHA256
  
  23aef72cca1a44200ebc6b5ec2bcf6785894d7d18181e65f6f9b681bdc0f93ea
- SHA512
  
  74dcb81f0280dcbc5aaf6a911d168d92dc1114da3e68710424388bd4627400c22a07b01013578b2531cceebb31ac3f4094ce0f11a80091ec2bcffa882c46e013
- SSDEEP
  
  12288:lvwucIOuDoepyp1/3/GFTtw/CPyZjZAj6dffffgsnrS3q9QYOi7:++DsndQYP7
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  0ba5ecdc64ab4863e0157174169f84b06aee76c5
- Size
  
  489KB
- MD5
  
  06fd33f5355b72c1f3c8d54f08fa19fe
- SHA1
  
  0ba5ecdc64ab4863e0157174169f84b06aee76c5
- SHA256
  
  1cc95c33ed5d2b592c22e233bfd4aae916f6e00fe3568143121a18d6b8069681
- SHA512
  
  a59e59498f29af9933ae0464c89434daac59052bb012d79a79d9c43c714149b686867ae7bb24788f05ad67919ecece77441a36bfcbe753726200c61107e18679
- SSDEEP
  
  12288:uD9B8J3iR925fFcrGn7Q21Svj07MGpmeSMr24LWulToHRy9L7:uDDulCyJ7
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  178bba8686ea329b884a652fe0f8a0ae0c53d367
- Size
  
  749KB
- MD5
  
  b1ca25f5bb4edd293b3711c77eb99a6f
- SHA1
  
  178bba8686ea329b884a652fe0f8a0ae0c53d367
- SHA256
  
  97a6331239d451d7dfe15bfe17de8b419df741ae68bacd440808f8b8d3f99b8a
- SHA512
  
  d5a282a8f81e117b79616c44a260d89c7fee06f4ac1387675bc79c3bd7599a5d49fbe3d8fb3d4d42eea81a17564abc2d42288bc2dc468d1b16ed633ba421b32d
- SSDEEP
  
  12288:/h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6q4LWYv1AoMJPPyogk31OkRK1OKeQeq:/rD+JPPn8kM1Oej
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  1c85c44eadd77a0e131171dfc412afa215ae9098
- Size
  
  490KB
- MD5
  
  aad442cb0338416e60003573a4740996
- SHA1
  
  1c85c44eadd77a0e131171dfc412afa215ae9098
- SHA256
  
  6a1a8c9d741bbfdc5d1168965da04f78780c054f77ddc426a30c805ed6ee9c9a
- SHA512
  
  6672e47ab3523704df7239be625c6f051050b8e4e2216fe2d3d329a30fc623d1278babc232cb49bcc69ace25edf0e79e1eb54e82ecfa1c4aa5c597e6c8eb049f
- SSDEEP
  
  12288:5h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6q4LWYv1AoMVPPyYk7:5rD+VPPo7
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  63caf6bc065239224f5c53ef3fe38cf81c64d6bf
- Size
  
  490KB
- MD5
  
  1122e6162f129d46f246db506adfaca7
- SHA1
  
  63caf6bc065239224f5c53ef3fe38cf81c64d6bf
- SHA256
  
  f84677fbcbd76ca894d28afe2e812dd9785e5f3111790aea0fd5e4d496f75707
- SHA512
  
  2cd06eb251c2b885d20df331a816d50d316ea4a0748f2c753bd85eb5f40ea85161464f1cad3cb2e239f20fada6a3c6cafa6b63d59cf624a7d39ed59fb3d49ec4
- SSDEEP
  
  12288:KvwucIOuDoepyp1/3/GFTtw/CPyZjZAj6dffffgsnrS3q9QYOJ7:b+DsndQYs7
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  920baac34e0b489273785d5152c96e6c3f5932e7
- Size
  
  490KB
- MD5
  
  cd89896eddafea3cba9651e0810e85e1
- SHA1
  
  920baac34e0b489273785d5152c96e6c3f5932e7
- SHA256
  
  e7b83486e27757791a58b7a5fb1e8673029e0ad2503c10ec9599a9c55eb82927
- SHA512
  
  a2a8bb966b11df5b28bf936fa2a28459053b0d60aa24a30950b8a7b3fe8d461f2c33f6081e26d9bb6922ffb9f9350e68b611b25f7a9f83433aba0726ab92d403
- SSDEEP
  
  12288:Sh/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6q4LWYv1AoMVPPyne7:SrD+VPPr7
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  c3439bcb0ee6d1bda33ef15a3d1d040c331e77d5
- Size
  
  724KB
- MD5
  
  12d56ac4ed9cadb4f6f54c7bd7fdfeb6
- SHA1
  
  c3439bcb0ee6d1bda33ef15a3d1d040c331e77d5
- SHA256
  
  c6c697d658dd221f27a8d58e79a478646877ac6afcf0cbe2ce919862f3889c6b
- SHA512
  
  1a6737f4977b2a0e94498edda635cb09d1ea63ee0072fedec16f1227d99d602298e60d091fd958494b4a6b7730f8c11c670c1164ac57a8c7e7aeb98deb3390b0
- SSDEEP
  
  12288:+h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6C4LWYv1AoMVPPynuJskZVjSKUCWnkoD:+rr+VPPnJs3KUCWkC3r
Score

10^/10

bruteratel backdoor
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Detect BruteRatel badger
- Blocklisted process makes network request
behavioral25 behavioral26 behavioral27 behavioral28

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

bruteratelbackdoor

behavioral26

bruteratelbackdoor

behavioral27

bruteratelbackdoor

behavioral28

bruteratelbackdoor