General

  • Target

    0642a552c182937af9875f855b94fe3b3e355f239c21a57d33fe070188b1a3c3

  • Size

    440KB

  • Sample

    210516-vcvn5e89fe

  • MD5

    013ccaecc95e64172c47b1fbee601452

  • SHA1

    aaeb69f63db3cad489d5f9779b91f860b2c7c4d7

  • SHA256

    0642a552c182937af9875f855b94fe3b3e355f239c21a57d33fe070188b1a3c3

  • SHA512

    3edf399669457504b6fe0c981ba7b896260e92194770e41fd8395656263398f677b7f740483ef9e9cff8df66d1a9419933c45f39eb82497edbb64fcf56a45416

Score
10/10

Targets

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
