Overview

overview

10

Static

static

f05758c648...db.exe

windows7_x64

1

f05758c648...db.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f05758c648da3f68d5d6bd44eff1f87808cd768103038d65230bc517a9d1dedb

  • Size

    24KB

  • Sample

    210515-r2s21ny6n6

  • MD5

    91516a89dfd2a50be40e012fc3a8e7e1

  • SHA1

    b4be2d16df6a504ff19b2708c02ac8f10d0c75c4

  • SHA256

    f05758c648da3f68d5d6bd44eff1f87808cd768103038d65230bc517a9d1dedb

  • SHA512

    494cbdf081760db86784da44833fc3903444233f7908fc3ce235b78008bced64c36ff72e3ef009b41ab38a57274e44083a7fb7b12542455d84faeb7f672516ce

Score
10/10
badrabbitransomware

Malware Config

Targets

    • Target

      f05758c648da3f68d5d6bd44eff1f87808cd768103038d65230bc517a9d1dedb

    • Size

      24KB

    • MD5

      91516a89dfd2a50be40e012fc3a8e7e1

    • SHA1

      b4be2d16df6a504ff19b2708c02ac8f10d0c75c4

    • SHA256

      f05758c648da3f68d5d6bd44eff1f87808cd768103038d65230bc517a9d1dedb

    • SHA512

      494cbdf081760db86784da44833fc3903444233f7908fc3ce235b78008bced64c36ff72e3ef009b41ab38a57274e44083a7fb7b12542455d84faeb7f672516ce

    Score
    10/10
    badrabbitransomware

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

      ransomwarebadrabbit

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks