badrabbit | 9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d | Triage

Submit
Reports

Overview

overview

Static

static

9d044def0f...5d.exe

windows7_x64

9d044def0f...5d.exe

windows10_x64

Sharing

General

Target

9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d
Size

1.1MB
Sample

210515-mq4zzjg8vj
MD5

0a44ea401960942fb659e2516a47a230
SHA1

af730afece5517a2e8e27d873d2241814381feb2
SHA256

9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d
SHA512

73a110d75540dd3b33d344e3bcf7633d19bc74f703d709de93a6389fd22ee8429267c175c1adafd9816924b421ed9b3dc1a33d4d4f93887b179f33eec5bea31a

Score

10^/10

badrabbit xmrig miner persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d.exe

Resource

win7v20210410

xmrig miner persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d.exe

Resource

win10v20210410

badrabbit xmrig miner persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d
- Size
  
  1.1MB
- MD5
  
  0a44ea401960942fb659e2516a47a230
- SHA1
  
  af730afece5517a2e8e27d873d2241814381feb2
- SHA256
  
  9d044def0f2ecf958fc8fad895547a924058a34f795bff9a3d5f33ddc1e4c65d
- SHA512
  
  73a110d75540dd3b33d344e3bcf7633d19bc74f703d709de93a6389fd22ee8429267c175c1adafd9816924b421ed9b3dc1a33d4d4f93887b179f33eec5bea31a
Score

10^/10

xmrig miner persistence badrabbit ransomware
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigminerpersistence

behavioral2

badrabbitxmrigminerpersistenceransomware

© 2018-2025

Terms | Privacy