bruteratel | a1b4db93eb72a520878ad338d66313fbaeab3634000fb7c69b1c34c9f3e17727

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
19/03/2025, 07:13

Target

a1b4db93eb72a520878ad338d66313fbaeab3634000fb7c69b1c34c9f3e17727.dll
Size

2.5MB
MD5

1e804d6e0206af158acc9758f9fff87d
SHA1

596dd881f26f05a41baa862a54d12c3b31adb0e6
SHA256

a1b4db93eb72a520878ad338d66313fbaeab3634000fb7c69b1c34c9f3e17727
SHA512

e9d0dca12ef47f72bf1e865bb3272f73c309dabe329ee411e87a22c3e3014fbc27fca53c31caf8cdbc52ea7b545e5374bc7d249befca4159ad604403a3291d46
SSDEEP

49152:FZzQqIEjvDQPOnRemSBn/VSlsBzXHWjIydNb:FYB5ydNb

Score

10^/10

Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
backdoor bruteratel
Bruteratel family
bruteratel

Detect BruteRatel badger 4 IoCs

resource	yara_rule
behavioral1/memory/848-4-0x000000033A710000-0x000000033A75A000-memory.dmp	family_bruteratel
behavioral1/memory/848-19-0x0000000003AF0000-0x0000000003B2E000-memory.dmp	family_bruteratel
behavioral1/memory/848-18-0x000000033A710000-0x000000033A75A000-memory.dmp	family_bruteratel
behavioral1/memory/848-7-0x000000033A710000-0x000000033A75A000-memory.dmp	family_bruteratel

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 2080	848	rundll32.exe	30
PID 848 wrote to memory of 2080	848	rundll32.exe	30
PID 848 wrote to memory of 2080	848	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1b4db93eb72a520878ad338d66313fbaeab3634000fb7c69b1c34c9f3e17727.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 848 -s 140
  2⤵
  PID:2080

memory/848-4-0x000000033A710000-0x000000033A75A000-memory.dmp

Filesize
296KB

Download
memory/848-19-0x0000000003AF0000-0x0000000003B2E000-memory.dmp

Filesize
248KB

Download
memory/848-18-0x000000033A710000-0x000000033A75A000-memory.dmp

Filesize
296KB

Download
memory/848-9-0x0000000003BC0000-0x0000000003C0C000-memory.dmp

Filesize
304KB

Download
memory/848-8-0x0000000001DF0000-0x0000000003AEC000-memory.dmp

Filesize
29.0MB

Download
memory/848-7-0x000000033A710000-0x000000033A75A000-memory.dmp

Filesize
296KB

Download
memory/848-5-0x0000000003AF0000-0x0000000003B2E000-memory.dmp

Filesize
248KB

Download
memory/848-0-0x0000000180000000-0x0000000181D00000-memory.dmp

Filesize
29.0MB

Download