bruteratel | f8e3eef1fda5969a7aabcc8fb5cc9f5fe245bbf6cc8e480459977b8e91eab9bd | Triage

Resubmissions

13-11-2024 08:02

241113-jw7bksybjj 10

13-11-2024 06:16

241113-g1fy3sxbja 10

Analysis

max time kernel
1194s
max time network
1197s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2024 08:02

Sharing

Report Analysis Logs

General

Target

apptext.dll
Size

1.6MB
MD5

86b57c9deafed093d4b47b03823b4d14
SHA1

47947da463dd6f4ecf61ae960235a35144e903a8
SHA256

f8e3eef1fda5969a7aabcc8fb5cc9f5fe245bbf6cc8e480459977b8e91eab9bd
SHA512

5f855ed0a3ecf561c45608d7f4579d6e4b1f1953863e97e0b5fea1f33b38d0e03fef16207d88864d2d936a4e65b677cd259ec248dbf06447b50f9e0488acead3
SSDEEP

24576:M7u7nB/DBD9accSqVO9y/QaDC4F3Zuk5UDJjbDE2W4VO8I/nYY:My/DBD9MVO9yosHF395UlbDBw82nB

Score

10^/10

bruteratel backdoor

Malware Config

Signatures

Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
backdoor bruteratel
Bruteratel family
bruteratel

Detect BruteRatel badger 1 IoCs

resource	yara_rule
behavioral2/memory/2244-0-0x000001C727A70000-0x000001C727AAE000-memory.dmp	family_bruteratel

Blocklisted process makes network request 41 IoCs

flow	pid	Process
18	2244	rundll32.exe
24	2244	rundll32.exe
28	2244	rundll32.exe
34	2244	rundll32.exe
36	2244	rundll32.exe
38	2244	rundll32.exe
40	2244	rundll32.exe
42	2244	rundll32.exe
64	2244	rundll32.exe
66	2244	rundll32.exe
72	2244	rundll32.exe
73	2244	rundll32.exe
74	2244	rundll32.exe
75	2244	rundll32.exe
76	2244	rundll32.exe
81	2244	rundll32.exe
83	2244	rundll32.exe
84	2244	rundll32.exe
86	2244	rundll32.exe
87	2244	rundll32.exe
88	2244	rundll32.exe
89	2244	rundll32.exe
90	2244	rundll32.exe
91	2244	rundll32.exe
92	2244	rundll32.exe
93	2244	rundll32.exe
94	2244	rundll32.exe
95	2244	rundll32.exe
96	2244	rundll32.exe
97	2244	rundll32.exe
98	2244	rundll32.exe
99	2244	rundll32.exe
100	2244	rundll32.exe
101	2244	rundll32.exe
102	2244	rundll32.exe
103	2244	rundll32.exe
104	2244	rundll32.exe
105	2244	rundll32.exe
106	2244	rundll32.exe
107	2244	rundll32.exe
108	2244	rundll32.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe
2244	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\apptext.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2244-0-0x000001C727A70000-0x000001C727AAE000-memory.dmp

Filesize
248KB

Download
memory/2244-1-0x000001C727AB0000-0x000001C727AFC000-memory.dmp

Filesize
304KB

Download
memory/2244-28-0x000001C727AB0000-0x000001C727AFC000-memory.dmp

Filesize
304KB

Download