badrabbit | 37e7dec8f8de477da158368bffbb15ab7e8e17132987ea557b27da89639df857 | Triage

Submit
Reports

Overview

overview

Static

static

1

BadRabbit.exe

windows10-2004-x64

Sharing

General

Target

BadRabbit(password is password).zip
Size

431KB
Sample

230602-r6q2cabh64
MD5

8928efcff47ccb9af46d6688364842f2
SHA1

f2e9046f5e38b043ec2d42b00682744f2ce55dd9
SHA256

37e7dec8f8de477da158368bffbb15ab7e8e17132987ea557b27da89639df857
SHA512

f6f06eb454a9c1d7ea70586737f2f6ca6a82be3fcfd6367d495b1d4e2479645e1e92931fac360af98ebe04628f8b258f87a131afe2b02e2c8f869f3562d1301b
SSDEEP

12288:wQJEGUHIuwuHgzmhGUmFY65GBKsRfX3CJ4QNqGgST:PCcm565G7B3CNd

Score

10^/10

badrabbit mimikatz evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

BadRabbit.exe

Resource

win10v2004-20230220-en

badrabbit mimikatz evasion ransomware

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  BadRabbit.exe
- Size
  
  431KB
- MD5
  
  fbbdc39af1139aebba4da004475e8839
- SHA1
  
  de5c8d858e6e41da715dca1c019df0bfb92d32c0
- SHA256
  
  630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
- SHA512
  
  74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
- SSDEEP
  
  12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score

10^/10

badrabbit mimikatz evasion ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  ransomware
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Clears Windows event logs
  evasion ransomware
- mimikatz is an open source tool to dump credentials on Windows
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Indicator Removal on Host

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Destruction

Inhibit System Recovery

Tasks

static1

behavioral1

badrabbitmimikatzevasionransomware

© 2018-2024

Terms | Privacy