bruteratel | 29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

29549b75a1...f9.msi

windows7-x64

29549b75a1...f9.msi

windows10-2004-x64

Sharing

General

Target

29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9.msi
Size

1.6MB
Sample

241104-cl2j1stkhk
MD5

9775cb36162fab5d8dbe372cd5910ba7
SHA1

a06d73422ecb931b6b6ae9f2af5f08f50b3d52dc
SHA256

29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9
SHA512

42cc3d3746fc416097b7de340cf1782febe957ee45e17b5c368f6509bb5112cfdd808d223283ef424b5ee1aab0dddc78562a778f196f7962c3f27839f4f60564
SSDEEP

49152:gfj3YhW8zBQSc0ZnSKSZKumZr7AlFBBdtM:cYY0ZnQK/AlprM

Score

10^/10

bruteratel backdoor discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9.msi

Resource

win7-20240903-en

bruteratel backdoor discovery persistence privilege_escalation

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9.msi

Resource

win10v2004-20241007-en

bruteratel backdoor discovery persistence privilege_escalation

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9.msi
- Size
  
  1.6MB
- MD5
  
  9775cb36162fab5d8dbe372cd5910ba7
- SHA1
  
  a06d73422ecb931b6b6ae9f2af5f08f50b3d52dc
- SHA256
  
  29549b75a198ad3aee4f8b9ea328bc9a73eb0e0d07e36775438bbe7268d453f9
- SHA512
  
  42cc3d3746fc416097b7de340cf1782febe957ee45e17b5c368f6509bb5112cfdd808d223283ef424b5ee1aab0dddc78562a778f196f7962c3f27839f4f60564
- SSDEEP
  
  49152:gfj3YhW8zBQSc0ZnSKSZKumZr7AlFBBdtM:cYY0ZnQK/AlprM
Score

10^/10

bruteratel backdoor discovery persistence privilege_escalation
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bruteratelbackdoordiscoverypersistenceprivilege_escalation

behavioral2

bruteratelbackdoordiscoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy