General

  • Target

    2024-02-01_5d5ae8c9b7a2af62fcdf385a203bf7b5_bad-rabbit

  • Size

    431KB

  • Sample

    240201-k2g5baafaq

  • MD5

    5d5ae8c9b7a2af62fcdf385a203bf7b5

  • SHA1

    b1863b977696682532ac3c3f4345ee52888558fa

  • SHA256

    3b04f8d10e7847cffa2e610e299733af239ea28e8709659a992965dce1e8b9c4

  • SHA512

    1e50c9101739ddd95ed28bc3946da1e5a720f20a83a6267eff2cc12d2032a3f1728b9ec93a89ef44b0bd12090884d3fbf702b2324f89b8988c25dcea3b5d93a7

  • SSDEEP

    12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR6V:vT56NbqWRwZaEr3yt2O3XR6V

Malware Config

Targets

    • Target

      2024-02-01_5d5ae8c9b7a2af62fcdf385a203bf7b5_bad-rabbit

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Detects executables containing anti-forensic artifacts of deleting the USN change journal. Observed in ransomware.

    • Executes dropped EXE

    • Loads dropped DLL
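
The report gives the sample only as a hash set plus a signature hit for the USN-journal-deletion artifact. The following is an added example (not code from the sandbox or from the BadRabbit sample) of the two checks an analyst runs before trusting a retrieved copy: verify every listed digest against the bytes in hand, and look for the embedded "fsutil usn deletejournal" command that the USN-journal signature describes. The hashes are copied from the General section; the SAMPLE buffer is a constructed stand-in for the real file, so it will not match those hashes and the functions report that honestly.

```python
"""Triage helpers for a sandbox report: verify a sample against the reported
hash set and look for the USN-journal-deletion artifact the report flags.
Added example; not part of the report or the sample it describes."""
import hashlib
import hmac
import re

# Hash set copied verbatim from the report's General section.
REPORTED_HASHES = {
    "md5": "5d5ae8c9b7a2af62fcdf385a203bf7b5",
    "sha1": "b1863b977696682532ac3c3f4345ee52888558fa",
    "sha256": "3b04f8d10e7847cffa2e610e299733af239ea28e8709659a992965dce1e8b9c4",
    "sha512": "1e50c9101739ddd95ed28bc3946da1e5a720f20a83a6267eff2cc12d2032a3f17"
              "28b9ec93a89ef44b0bd12090884d3fbf702b2324f89b8988c25dcea3b5d93a7",
}

# Command line that wipes the NTFS change journal (the artifact the signature
# "anti-forensic artifacts of deleting USN change journal" refers to).
# Optional "/D" style switches and a trailing drive letter are captured too.
USN_DELETE_RE = re.compile(
    r"fsutil(?:\.exe)?\s+usn\s+deletejournal(?:\s+/\S+)*(?:\s+[A-Za-z]:)?",
    re.IGNORECASE,
)


def compute_hashes(data: bytes) -> dict:
    """Digest the bytes with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def verify_hashes(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Return {algorithm: matched?} for the bytes against the expected set.
    compare_digest avoids timing differences; every algorithm is checked so a
    single collision-prone digest (md5, sha1) never decides the outcome."""
    actual = compute_hashes(data)
    return {
        name: hmac.compare_digest(actual[name], expected[name].lower())
        for name in expected
    }


def find_usn_deletion(data: bytes) -> list:
    """Return normalised command strings in data that delete the USN journal.

    Windows binaries often store command lines as UTF-16LE rather than ASCII,
    and the string may sit at an odd file offset, so three views are searched:
    a 1:1 byte view and UTF-16LE decodes starting at offsets 0 and 1."""
    views = [data.decode("latin-1")]
    for offset in (0, 1):
        views.append(data[offset:].decode("utf-16-le", errors="ignore"))
    hits = set()
    for text in views:
        for match in USN_DELETE_RE.finditer(text):
            hits.add(" ".join(match.group(0).split()))  # collapse whitespace
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Combine both checks into one verdict dict for a retrieved file."""
    hashes = verify_hashes(data)
    return {
        "matches_report": all(hashes.values()),
        "hash_results": hashes,
        "usn_journal_deletion": find_usn_deletion(data),
    }


# Constructed stand-in for a dropped binary (NOT the real sample): a fake
# header, an ASCII copy of the command, then a UTF-16LE copy placed at an odd
# offset to exercise the misaligned-decode path.
SAMPLE = (
    b"MZ" + b"\x00" * 64
    + b"fsutil usn deletejournal /D C:\x00"
    + "fsutil.exe  usn deletejournal /D C:".encode("utf-16-le")
    + b"\x00" * 8
)

if __name__ == "__main__":
    import sys
    # Usage: python triage.py <file>   (falls back to the constructed SAMPLE)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(triage(blob))
```

Run it against the file you actually retrieved; a "matches_report": False verdict means you are not looking at the object the report analysed and should stop before drawing conclusions from it. The string search is a static triage aid only: a packed or encrypted payload will not expose the command until it is unpacked, which is why the sandbox's dynamic "Executes dropped EXE" and "Loads dropped DLL" observations matter alongside it.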

MITRE ATT&CK Enterprise v15

Tasks