bruteratel | ec3ca0877e599ae9c40cbcec51a9a4718114e33d9e2d9d8c72f5f24d7cebdcbf | Triage

Submit
Reports

Overview

overview

Static

static

1

calma.msi

windows7-x64

6

calma.msi

windows10-2004-x64

Sharing

General

Target

calma.msi
Size

4.6MB
Sample

250220-wa65xa1lft
MD5

27708977fc83f3b70177d6cf68900eba
SHA1

f679bb77e2876b17da2276017df6cf252aa5bd22
SHA256

ec3ca0877e599ae9c40cbcec51a9a4718114e33d9e2d9d8c72f5f24d7cebdcbf
SHA512

831ccd1e4fdda16ff7cd16096e3291b9fa986f814e56aec9d8d0c6a36ae402002940a9d9aa7c1c5c8cf1b8e65c2d9ee529956f9cae3832e513a37bff3839c8ac
SSDEEP

98304:HYVK/AKIN29ryVzg+Vho+5d67amiFP/0hnJRZuq2sDSq5Fwfp:G29W5jmih/0xXLFm

Score

10^/10

bruteratel latrodectus backdoor discovery loader persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

calma.msi

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

calma.msi

Resource

win10v2004-20250217-en

bruteratel latrodectus backdoor discovery loader persistence privilege_escalation

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://tynifinilam.com/test/

https://horetimodual.com/test/

aes.hex

Targets

- Target
  
  calma.msi
- Size
  
  4.6MB
- MD5
  
  27708977fc83f3b70177d6cf68900eba
- SHA1
  
  f679bb77e2876b17da2276017df6cf252aa5bd22
- SHA256
  
  ec3ca0877e599ae9c40cbcec51a9a4718114e33d9e2d9d8c72f5f24d7cebdcbf
- SHA512
  
  831ccd1e4fdda16ff7cd16096e3291b9fa986f814e56aec9d8d0c6a36ae402002940a9d9aa7c1c5c8cf1b8e65c2d9ee529956f9cae3832e513a37bff3839c8ac
- SSDEEP
  
  98304:HYVK/AKIN29ryVzg+Vho+5d67amiFP/0hnJRZuq2sDSq5Fwfp:G29W5jmih/0xXLFm
Score

10^/10

discovery persistence privilege_escalation bruteratel latrodectus backdoor loader
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Detects Latrodectus
  Detects Latrodectus v1.4.
- Latrodectus family
  latrodectus
- Latrodectus loader
  Latrodectus is a loader written in C++.
  loader latrodectus
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

bruteratellatrodectusbackdoordiscoveryloaderpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy