bruteratel | badger_x64_stealth_rtl[.]bin[.]packed[.]dll[.]exe | Triage

Sharing

General

Target

badger_x64_stealth_rtl.bin.packed.dll.exe
Size

291KB
MD5

dd1686af7c0178fb6f333f94b3d7de5b
SHA1

6712f52409f26caca85e2dac568c556b5abffb74
SHA256

4749186ec02e1600ae8b8031478d7ce7074e96cf70de008ef0037f2d63e93647
SHA512

e18cd4193e5674bd52a4d1c3c974d47bc3b8ec7ce946939d4a7c9eab39e90d91f83af551ac508ba3abf39dc962488c3aa0ea697aa510ae7ed7fe157fa2640f97
SSDEEP

6144:+q2UhPqeabCJNzgNm/qVoe93Zi861RyyZMAyqK2kY:DBhJNzOOQJi86Sy

Score

10^/10

bruteratel

Malware Config

Signatures

Bruteratel family
bruteratel

Detect BruteRatel badger 1 IoCs

resource	yara_rule
sample	family_bruteratel

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
badger_x64_stealth_rtl.bin.packed.dll.exe

Files

badger_x64_stealth_rtl.bin.packed.dll.exe
.dll windows:6 windows x64 arch:x64

ecb712bfe0d1558ffce8f8c2df526278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
VirtualProtect
IsBadReadPtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ