General

  • Target: test.txt
  • Size: 7B
  • Sample: 240210-lm4kfacf44
  • MD5: 3e47b75000b0924b6c9ba5759a7cf15d
  • SHA1: 0feca720e2c29dafb2c900713ba560e03b758711
  • SHA256: 1785cfc3bc6ac7738e8b38cdccd1af12563c2b9070e07af336a1bf8c0f772b6a
  • SHA512: 1d6c61c1f237e2664f242b96dfaae5feb325771723d76fac41dba6ef22c45cafefb0951f43309fc6bc852b98a5406d3c2909b606688a882d43c6fb905162b10f

Malware Config

Targets

    • Target: test.txt
    • Size: 7B
    • MD5: 3e47b75000b0924b6c9ba5759a7cf15d
    • SHA1: 0feca720e2c29dafb2c900713ba560e03b758711
    • SHA256: 1785cfc3bc6ac7738e8b38cdccd1af12563c2b9070e07af336a1bf8c0f772b6a
    • SHA512: 1d6c61c1f237e2664f242b96dfaae5feb325771723d76fac41dba6ef22c45cafefb0951f43309fc6bc852b98a5406d3c2909b606688a882d43c6fb905162b10f
    • BadRabbit: ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
    • Mimikatz: mimikatz is an open-source tool to dump credentials on Windows.

    • Modifies WinLogon for persistence

    • UAC bypass

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks