General

  • Target

    Ransomware.BadRabbit.zip

  • Size

    394KB

  • Sample

    240114-ykevhsdadp

  • MD5

    e180bc4df144544dd905fcf6f9978960

  • SHA1

    46a24f3fd8890ce52b2eba23f2166a84c2b3a7dd

  • SHA256

    8e4e9f9ee9f568e2e5307b8a878ffce824478c5c9f1b023b3b92a87060a2d6b5

  • SHA512

    4aedf32a400485acbc029545506cccaf1d132e4a896148092e2f5e19da2331e53bea0ca0e56142381243cc7511c7ddd6b5d78609b538db3734e21c44feb534eb

  • SSDEEP

    6144:DSIyTrSHTDTEb/KCo2gd1Fu/S3I7WjiXdU7Hx61GfQ/FgEQPTRLPucKPMq:VHTFVd1FujW9Lx6l/3ElKpD

Targets

    • Target

      Ransomware.BadRabbit.exe

    • Size

      431KB

    • MD5

      fbbdc39af1139aebba4da004475e8839

    • SHA1

      de5c8d858e6e41da715dca1c019df0bfb92d32c0

    • SHA256

      630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

    • SHA512

      74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

    • SSDEEP

      12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      Mimikatz is an open-source tool used to dump credentials on Windows.

    • Executes dropped EXE

    • Loads dropped DLL
