MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BruteRatel


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f
SHA3-384 hash: fe429496027c8f71f158db424a0d7f2b9e4b74dc5fc625bdfa2f4eee62eb762a56bd7308516ea5c110cc298ab8793a8b
SHA1 hash: 305b7002b65358a447ec6b49c2059271c48b2517
MD5 hash: 1b97637fd83abfb7ecab040a4cda2d52
humanhash: xray-ceiling-vegan-equal
File name:brc4_d71.exe
Download: download sample
Signature BruteRatel
Create hunting rule
File size:111'914 bytes
First seen:2022-07-09 18:23:00 UTC
Last seen:2022-07-09 18:32:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:kZRYowI2bjdb6EN95QKfTll6xe9/fPu86Rx3ymvjGwWbtibiyA3ObNMc/dHO8lyG:FcpsTll6wPuWbUiyyyC1EAY
Threatray 2 similar samples on MalwareBazaar
TLSH T14FB3813396C329AFC111C573DAE6D232F1737215D7B04B8AD651A37A3AEEE42251CE09
TrID 63.4% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
0.1% (.VXD) VXD Driver (29/21)
Reporter cyb3rops
Tags:BRC4 Brute Ratel C4 BruteRatel exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
580
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f
Verdict:
No threats detected
Analysis date:
2022-07-09 07:00:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/172a5be9-1010-466d-afe3-c16d97959cfe

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/285800/
Detection(s):
SecuriteInfo.com.DeepScan.Generic.Brutel.A.EEE732A7.24997.15474.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed spyeye
Link:
https://www.filescan.io/uploads/62c9c788c1b6cfcaa5efdb13/reports/7e2ee32d-7cd0-4cbb-9613-f2cd451d0edb/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BruteRatelC4
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0767fcb8-32bf-4460-8034-b7097d6b081b
Result
Threat name:
BruteRatel
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1027777
Signature
Contains functionality to inject threads in other processes
Multi AV Scanner detection for submitted file
Yara detected BruteRatel
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f/
Threat name:
Win64.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2021-03-01 00:37:00 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 41 (48.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=24o4poufeokh4cgg53cdu4tp45no2jen7u5hyt3fg4re5hwql5xq._file
Verdict:
malicious
Similar samples:
4e4cd19c835a2fafb63df3429c6db21507e34fcb33c3072c93f28fb4fc32967b
BruteRatel
abe3031332bae1f6a27965882c14a88f740514103b8532f2fb41ccc925879e59
BruteRatel
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220709-w1f2eafehq/
Unpacked files
SH256 hash:
d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f
MD5 hash:
1b97637fd83abfb7ecab040a4cda2d52
SHA1 hash:
305b7002b65358a447ec6b49c2059271c48b2517
Link:
https://www.unpac.me/results/f84b315d-d790-4b60-94aa-b7bde4055498/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
Cape
Cape
https://www.capesandbox.com/analysis/285800/

Comments