General
-
Target
test.txt
-
Size
7B
-
Sample
240210-lm4kfacf44
-
MD5
3e47b75000b0924b6c9ba5759a7cf15d
-
SHA1
0feca720e2c29dafb2c900713ba560e03b758711
-
SHA256
1785cfc3bc6ac7738e8b38cdccd1af12563c2b9070e07af336a1bf8c0f772b6a
-
SHA512
1d6c61c1f237e2664f242b96dfaae5feb325771723d76fac41dba6ef22c45cafefb0951f43309fc6bc852b98a5406d3c2909b606688a882d43c6fb905162b10f
Static task
static1
Behavioral task
behavioral1
Sample
test.txt
Resource
win10-20231220-en
Malware Config
Targets
-
-
Target
test.txt
-
Size
7B
-
MD5
3e47b75000b0924b6c9ba5759a7cf15d
-
SHA1
0feca720e2c29dafb2c900713ba560e03b758711
-
SHA256
1785cfc3bc6ac7738e8b38cdccd1af12563c2b9070e07af336a1bf8c0f772b6a
-
SHA512
1d6c61c1f237e2664f242b96dfaae5feb325771723d76fac41dba6ef22c45cafefb0951f43309fc6bc852b98a5406d3c2909b606688a882d43c6fb905162b10f
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
Modifies WinLogon for persistence
-
mimikatz is an open source tool to dump credentials on Windows
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3