bruteratel | c6c697d658dd221f27a8d58e79a478646877ac6afcf0cbe2ce919862f3889c6b | Triage

Sharing

General

Target

mw_ArPotEx64.dll
Size

724KB
Sample

241027-zk4z3szlbp
MD5

12d56ac4ed9cadb4f6f54c7bd7fdfeb6
SHA1

c3439bcb0ee6d1bda33ef15a3d1d040c331e77d5
SHA256

c6c697d658dd221f27a8d58e79a478646877ac6afcf0cbe2ce919862f3889c6b
SHA512

1a6737f4977b2a0e94498edda635cb09d1ea63ee0072fedec16f1227d99d602298e60d091fd958494b4a6b7730f8c11c670c1164ac57a8c7e7aeb98deb3390b0
SSDEEP

12288:+h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6C4LWYv1AoMVPPynuJskZVjSKUCWnkoD:+rr+VPPnJs3KUCWkC3r

Score

10^/10

bruteratel backdoor discovery

Malware Config

Targets

- Target
  
  mw_ArPotEx64.dll
- Size
  
  724KB
- MD5
  
  12d56ac4ed9cadb4f6f54c7bd7fdfeb6
- SHA1
  
  c3439bcb0ee6d1bda33ef15a3d1d040c331e77d5
- SHA256
  
  c6c697d658dd221f27a8d58e79a478646877ac6afcf0cbe2ce919862f3889c6b
- SHA512
  
  1a6737f4977b2a0e94498edda635cb09d1ea63ee0072fedec16f1227d99d602298e60d091fd958494b4a6b7730f8c11c670c1164ac57a8c7e7aeb98deb3390b0
- SSDEEP
  
  12288:+h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6C4LWYv1AoMVPPynuJskZVjSKUCWnkoD:+rr+VPPnJs3KUCWkC3r
Score

10^/10

bruteratel backdoor discovery
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bruteratelbackdoordiscovery

behavioral2

bruteratelbackdoordiscovery