General
Target: IMG_0750.jpg
Size: 303KB
Sample: 231124-pr17nabf4s
MD5: 2a51b0a807d9f22493f43f274bd296d9
SHA1: c08d9785eea512083446f288befd05962685dcfb
SHA256: 602d10d51dbe982c7734ea506d7bde39e55cca7a183f5356f640b473bbcd729b
SHA512: 94426032f3c72bc6438235349aba0aff69a11ae838b426c042655d688231bddd1ef4d2a5de2410183719d3dc504e664c1d54af4ceaaeef64bcc51f495402ada5
SSDEEP: 6144:rT05ChxRejc33RlgRS6iIbYYBe/tww3AF+7Oq/RQ025bFgZYp:r0URejcHMWAe/tqFeR/kGZa
Static task: static1
Behavioral task: behavioral1
Sample: IMG_0750.jpg
Resource: win10v2004-20231023-en
Behavioral task: behavioral2
Sample: IMG_0750.jpg
Resource: ubuntu1804-amd64-20231026-en
Malware Config
Targets
- BadRabbit: Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- Deletes NTFS Change Journal: The USN change journal is a persistent log of all changes made to local files, used by Windows Server systems.
- Async RAT payload
- Clears Windows event logs
- mimikatz is an open source tool to dump credentials on Windows
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory