General
Target: Ransomware.BadRabbit.zip
Size: 394KB
Sample: 240114-ykevhsdadp
MD5: e180bc4df144544dd905fcf6f9978960
SHA1: 46a24f3fd8890ce52b2eba23f2166a84c2b3a7dd
SHA256: 8e4e9f9ee9f568e2e5307b8a878ffce824478c5c9f1b023b3b92a87060a2d6b5
SHA512: 4aedf32a400485acbc029545506cccaf1d132e4a896148092e2f5e19da2331e53bea0ca0e56142381243cc7511c7ddd6b5d78609b538db3734e21c44feb534eb
SSDEEP: 6144:DSIyTrSHTDTEb/KCo2gd1Fu/S3I7WjiXdU7Hx61GfQ/FgEQPTRLPucKPMq:VHTFVd1FujW9Lx6l/3ElKpD
Static task: static1
Behavioral task: behavioral1
Sample: Ransomware.BadRabbit.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Ransomware.BadRabbit.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: Ransomware.BadRabbit.exe
Size: 431KB
MD5: fbbdc39af1139aebba4da004475e8839
SHA1: de5c8d858e6e41da715dca1c019df0bfb92d32c0
SHA256: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
SHA512: 74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
SSDEEP: 12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score: 10/10
BadRabbit: Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
mimikatz is an open source tool to dump credentials on Windows
Executes dropped EXE
Loads dropped DLL