Resubmissions
03-02-2024 13:00
240203-p8th5shhb2 1002-02-2024 22:27
240202-2dbfashgb4 302-02-2024 22:21
240202-19pr5abfgn 602-02-2024 22:15
240202-16f1tabecp 1002-02-2024 20:09
240202-yw88hagffq 302-02-2024 19:16
240202-xy8t3sddd4 302-02-2024 19:09
240202-xt4pkadce7 1002-02-2024 19:05
240202-xrlqzadbg5 302-02-2024 19:00
240202-xnt8yafcbj 602-02-2024 18:50
240202-xg5fbsche7 6General
-
Target
wave.png
-
Size
10KB
-
Sample
240202-16f1tabecp
-
MD5
57bd5782b784673f8e3ebd06f95bdf38
-
SHA1
1f55e36180024eb5c8fc066a855287898e6b077a
-
SHA256
986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
-
SHA512
9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
-
SSDEEP
192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2
Static task
static1
Behavioral task
behavioral1
Sample
wave.png
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
wave.png
Resource
win10v2004-20231222-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
wave.png
-
Size
10KB
-
MD5
57bd5782b784673f8e3ebd06f95bdf38
-
SHA1
1f55e36180024eb5c8fc066a855287898e6b077a
-
SHA256
986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
-
SHA512
9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
-
SSDEEP
192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies WinLogon for persistence
-
mimikatz is an open source tool to dump credentials on Windows
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1