badrabbit | 7bb62a1edd5f9f56e9d9ca31451034831961358839c12ea73a29faa160b7db84 | Triage

Sharing

General

Target

7bb62a1edd5f9f56e9d9ca31451034831961358839c12ea73a29faa160b7db84
Size

154KB
Sample

210515-wx5w46xz6e
MD5

6496c79fa5ea7fcadc63204ac7486736
SHA1

1e4b8f0c2deb96fda4f007ffd9413746b73ca04d
SHA256

7bb62a1edd5f9f56e9d9ca31451034831961358839c12ea73a29faa160b7db84
SHA512

3f845fb9e7df300f39c3ba24a20fdf07e49eaa92b65ff63bd65b3550c99bc2bc9822c1ebb2d5c83d386806fcde7a4bcf8d3529fea040479fefca25a05da334b8

Score

10^/10

badrabbit evasion ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  7bb62a1edd5f9f56e9d9ca31451034831961358839c12ea73a29faa160b7db84
- Size
  
  154KB
- MD5
  
  6496c79fa5ea7fcadc63204ac7486736
- SHA1
  
  1e4b8f0c2deb96fda4f007ffd9413746b73ca04d
- SHA256
  
  7bb62a1edd5f9f56e9d9ca31451034831961358839c12ea73a29faa160b7db84
- SHA512
  
  3f845fb9e7df300f39c3ba24a20fdf07e49eaa92b65ff63bd65b3550c99bc2bc9822c1ebb2d5c83d386806fcde7a4bcf8d3529fea040479fefca25a05da334b8
Score

10^/10

badrabbit evasion ransomware spyware stealer trojan
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

badrabbitevasionransomwarespywarestealertrojan