BruteRatel
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
6 syscalls cited
- NtAllocateVirtualMemoryEx
Reserves or commits virtual memory with extended parameters (preferred NUMA node, CFG, address requirements).
- NtFreeVirtualMemory
Decommits or releases a region of virtual memory in a target process.
- NtQueryVirtualMemory
Retrieves information about pages in a target process's virtual address space.
- NtCreateUserProcess
Creates a new user-mode process and its initial thread from an executable image.
- NtSuspendProcess
Suspends every thread in a target process by incrementing each thread's suspend count.
- NtResumeProcess
Decrements every thread's suspend count in a target process, resuming threads that reach zero.