
ANY.RUN Exposes the Use of Brute Ratel C4 for Loading Latrodectus Malware

DUBAI, DUBAI, UNITED ARAB EMIRATES, July 24, 2024 /EINPresswire.com/ -- ANY.RUN, a leader in cybersecurity solutions, has published a detailed analysis on the use of the Brute Ratel C4 (BRC4) framework to deploy the recently discovered Latrodectus malware loader.

Brute Ratel C4 in Cybersecurity
Brute Ratel C4, first introduced in December 2020, is a commercial Command and Control (C2) framework designed for adversary simulation, red-team engagements, and penetration testing. It stands out from other C2 frameworks because of its ability to evade EDR solutions.

New Latrodectus Malware Challenges
Latrodectus, believed to be the successor of the notorious IcedID malware, has been linked to the same threat actor group. This new loader is used in multi-stage attacks, typically initiated through phishing emails carrying malicious JavaScript or PDF files.

In-Depth Analysis of Latrodectus by ANY.RUN
ANY.RUN's guest expert, Mohamed Talaat, conducted comprehensive research on a complex multi-stage attack involving the Brute Ratel C2 framework and the Latrodectus malware.

The team started by analyzing a malicious MSI file. Using reverse engineering, they uncovered how the badger (the Brute Ratel C4 agent) loaded the Latrodectus loader into memory. Key steps included identifying a hidden DLL, decrypting a payload, and tracing advanced evasion techniques.

Implications for Cybersecurity Professionals
The analysis walks through each step by which the Brute Ratel C4 framework's badger component was used to deploy the Latrodectus malware loader onto the victim's system.

Learn more details about the research on ANY.RUN’s blog.

About ANY.RUN
ANY.RUN offers a suite of cybersecurity products, including an interactive sandbox and a Threat Intelligence portal. Trusted by over 400,000 professionals globally, the sandbox provides an efficient and user-friendly platform for analyzing malware targeting both Windows and Linux systems. In addition, ANY.RUN's Threat Intelligence services, comprising Lookup, Feeds, and YARA Search, allow users to gather critical information about threats and respond to incidents with enhanced speed and accuracy.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
