badrabbit | 51db95fb72ba2b52a47d6824bc65cf055852e7e71b517c282004e47001b631f2 | Triage

Submit
Reports

Overview

overview

Static

static

1

y+tu+keri+...ng.mp4

windows10-2004-x64

Resubmissions

01-11-2023 06:15

231101-gzwcdabd61 10

01-11-2023 06:14

231101-gzk7eabd6z 6

01-11-2023 05:56

231101-gm3kxsbc3z 6

01-11-2023 05:48

231101-ghw8cadd36 1

01-11-2023 05:45

231101-gftz7sbb6z 1

Sharing

General

Target

y+tu+keri+o+nooo++#magicgang.mp4
Size

593KB
Sample

231101-gzwcdabd61
MD5

017ef81026c1956d8c5cdd2eb68b51c4
SHA1

7a511485e691cc1a7a299f11b5be49fb7e32fd2f
SHA256

51db95fb72ba2b52a47d6824bc65cf055852e7e71b517c282004e47001b631f2
SHA512

44fb405addc45d3efce74e4ddf1542ff50a74c468b38767f11816dce9a8274cd2430f3bf92f20343f470dfa20923458b3f603c0adff65554ccc9f42f57065ef8
SSDEEP

12288:Odeu59/kMA28kWqKF3oa8yzC02xQum10HDdwwvego0BHmdfxqaf:OB/PfmRoNy202nmaHDdwwvelfkaf

Score

10^/10

badrabbit mimikatz ransomware

Static task

static1

Behavioral task

behavioral1

Sample

y+tu+keri+o+nooo++#magicgang.mp4

Resource

win10v2004-20231020-en

badrabbit mimikatz ransomware

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  y+tu+keri+o+nooo++#magicgang.mp4
- Size
  
  593KB
- MD5
  
  017ef81026c1956d8c5cdd2eb68b51c4
- SHA1
  
  7a511485e691cc1a7a299f11b5be49fb7e32fd2f
- SHA256
  
  51db95fb72ba2b52a47d6824bc65cf055852e7e71b517c282004e47001b631f2
- SHA512
  
  44fb405addc45d3efce74e4ddf1542ff50a74c468b38767f11816dce9a8274cd2430f3bf92f20343f470dfa20923458b3f603c0adff65554ccc9f42f57065ef8
- SSDEEP
  
  12288:Odeu59/kMA28kWqKF3oa8yzC02xQum10HDdwwvego0BHmdfxqaf:OB/PfmRoNy202nmaHDdwwvelfkaf
Score

10^/10

badrabbit mimikatz ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

badrabbitmimikatzransomware

© 2018-2025

Terms | Privacy