General
Target: 2024-02-01_5d5ae8c9b7a2af62fcdf385a203bf7b5_bad-rabbit
Size: 431KB
Sample: 240201-k2g5baafaq
MD5: 5d5ae8c9b7a2af62fcdf385a203bf7b5
SHA1: b1863b977696682532ac3c3f4345ee52888558fa
SHA256: 3b04f8d10e7847cffa2e610e299733af239ea28e8709659a992965dce1e8b9c4
SHA512: 1e50c9101739ddd95ed28bc3946da1e5a720f20a83a6267eff2cc12d2032a3f1728b9ec93a89ef44b0bd12090884d3fbf702b2324f89b8988c25dcea3b5d93a7
SSDEEP: 12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR6V:vT56NbqWRwZaEr3yt2O3XR6V
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-01_5d5ae8c9b7a2af62fcdf385a203bf7b5_bad-rabbit.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-01_5d5ae8c9b7a2af62fcdf385a203bf7b5_bad-rabbit.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Score: 10/10
- BadRabbit: ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- Detects executables containing anti-forensic artifacts of deleting the USN change journal; observed in ransomware.
- mimikatz is an open source tool to dump credentials on Windows.
- Executes dropped EXE
- Loads dropped DLL