bruteratel | pedump[.]bin | Triage

Sharing

General

Target

pedump.bin
Size

252KB
MD5

900cb3d8a065f3c84c7d06cc951f3438
SHA1

73980cfd0ca0fa8889d931976c3052d1e173ab8e
SHA256

d4d56a35770c16b822cab59d937916028e1fb2f85ac5a50a5371a18798ff7222
SHA512

0eeb68f56ff13c0185d5bcbf5ae2754038d48ca2ceae1ba040730c2454310d54fdd7b0f424c2f3277568bfd0e1deead784b6f756b9b6e295664eefe5dc77217c
SSDEEP

6144:DyaDgmT/Ju6oneKGB0EIUqswVOXuicDu6kE:ZDjhzhB5qFVOXRiuF

Score

10^/10

bruteratel

Malware Config

Signatures

Bruteratel family
bruteratel

Detect BruteRatel badger 1 IoCs

Processes:

resource	yara_rule
sample	family_bruteratel

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
pedump.bin

Files

pedump.bin
.dll windows:6 windows x64 arch:x64

9ad6912709cd4c389a18be86a77dfa67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAllocExNuma
GetCurrentProcess

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 512B - Virtual size: 379B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ