bruteratel | JaffaCakes118_a6568c74c15d79c4312ca47f9e1e3b42

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_a6568c74c15d79c4312ca47f9e1e3b42
Size

59KB
MD5

a6568c74c15d79c4312ca47f9e1e3b42
SHA1

63e3b8cff69eb3561dddf28b042671cb0c8d2ef4
SHA256

8ccb78e4c7e15c353c3310896dcee5ab60b651743d779cb7384a66654e8a9454
SHA512

e39057c7cdab408cec9e8adc73975c03f0551137adbf9b9849a79719c0cb470e07f265ed6c5f059bfa752d12591fc89c0c0e348e6fd57c066d85c15b42a1cc36
SSDEEP

768:FghGEX/ija+1IJmhh9F3oPg+8ZhjPyf+dmb84ioypo/VYCfsM18wDOoHHPRiv9KU:mGEmhhMY+3fewoo2uYCqWVPAv9/3qQ9v

Score

10^/10

bruteratel

Malware Config

Signatures

Bruteratel family
bruteratel

Detect BruteRatel badger 1 IoCs

resource	yara_rule
sample	family_bruteratel

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a6568c74c15d79c4312ca47f9e1e3b42

Files

JaffaCakes118_a6568c74c15d79c4312ca47f9e1e3b42
.exe windows:4 windows x86 arch:x86

3252fa5a902effb1e95f24fc2e6e53bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA
keybd_event
ShowScrollBar
MessageBoxA
IsChild
ExcludeUpdateRgn
EnumClipboardFormats
EndMenu
EnableMenuItem
DlgDirListComboBoxA
DestroyCursor
AnyPopup
CharLowerA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
TlsFree
TerminateThread
Sleep
LoadLibraryA
IsBadReadPtr
IsBadHugeReadPtr
GetTickCount
FreeLibrary
EnumCalendarInfoW
DeleteAtom
CreateFileMappingA
CompareStringW
AddAtomA

gdi32

GetTextFaceA
GetTextCharacterExtra
GetTextAlign
GetPixel
GetNearestColor
ExcludeClipRect
Chord
CancelDC

winmm

timeEndPeriod
mixerClose
midiStreamProperty
midiOutLongMsg
midiOutGetDevCapsW
midiInGetErrorTextW
midiInAddBuffer
midiDisconnect
joyReleaseCapture
auxSetVolume

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 391KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3252fa5a902effb1e95f24fc2e6e53bd

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

winmm

Sections

.text Size: 21KB - Virtual size: 21KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 391KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 27KB - Virtual size: 29KB

.text
Size: 21KB - Virtual size: 21KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 391KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 27KB - Virtual size: 29KB