Resubmissions

  • 03-02-2024 13:00: 240203-p8th5shhb2 (10)
  • 02-02-2024 22:27: 240202-2dbfashgb4 (3)
  • 02-02-2024 22:21: 240202-19pr5abfgn (6)
  • 02-02-2024 22:15: 240202-16f1tabecp (10)
  • 02-02-2024 20:09: 240202-yw88hagffq (3)
  • 02-02-2024 19:16: 240202-xy8t3sddd4 (3)
  • 02-02-2024 19:09: 240202-xt4pkadce7 (10)
  • 02-02-2024 19:05: 240202-xrlqzadbg5 (3)
  • 02-02-2024 19:00: 240202-xnt8yafcbj (6)
  • 02-02-2024 18:50: 240202-xg5fbsche7 (6)

General

  • Target: wave.png
  • Size: 10KB
  • Sample: 240202-16f1tabecp
  • MD5: 57bd5782b784673f8e3ebd06f95bdf38
  • SHA1: 1f55e36180024eb5c8fc066a855287898e6b077a
  • SHA256: 986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
  • SHA512: 9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
  • SSDEEP: 192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/single_exec

Targets

    • BadRabbit: Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Metasploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Mimikatz: mimikatz is an open source tool to dump credentials on Windows.

    • Modifies WinLogon for persistence

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks