Resubmissions

  • 24-02-2024 15:44    240224-s6pzqafh53    10

  • 24-02-2024 14:06    240224-relmjsdh45    10

  • 24-02-2024 11:48    240224-nyvssabe4w    3

General

  • Target

    MalwareCollection-master.zip

  • Size

    57.3MB

  • Sample

    240224-s6pzqafh53

  • MD5

    b59aed5137772e644e29ad334dba17e0

  • SHA1

    a2e545bbe058bddee0f7af68e21c3471d4abc3ab

  • SHA256

    c6a916c33096cd488ca57c28863c433cf5279128aa50ea156761bab6444f4937

  • SHA512

    daaa8ff6ddb53cb2c3c0218f73be43807982b13f0b5893a322bdd719e0f208b7b98586d0516b04e2e0f36c7dea45dde3fa8423c421f7d82cb9dbb14e3cede525

  • SSDEEP

    1572864:9j/A/cygNPTitKk8Gq4+/34speZ0jqmhkv71Cg8a6Egs5:Z/ZygNPTitKkRqh/34sprj3q1C31Egs5

Malware Config

Targets

    • Target

      Ransomware.7ev3n.exe

    • Size

      315KB

    • MD5

      9f8bc96c96d43ecb69f883388d228754

    • SHA1

      61ed25a706afa2f6684bb4d64f69c5fb29d20953

    • SHA256

      7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5

    • SHA512

      550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6

    • SSDEEP

      6144:BswDdb2MemnBVlz0SoVbO4A6OA4Trl28TyT6llY1/I8cWJWlfTXv:BswRSslz0P1OdFXJlJ8buXv

    • Target

      Ransomware.BadRabbit.exe

    • Size

      431KB

    • MD5

      fbbdc39af1139aebba4da004475e8839

    • SHA1

      de5c8d858e6e41da715dca1c019df0bfb92d32c0

    • SHA256

      630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

    • SHA512

      74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

    • SSDEEP

      12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      MalwareCollection-master/Trojan/Trojan.DesktopPuzzle.zip

    • Size

      121KB

    • MD5

      117e52fe771b57a0f4ff1b60bb11156d

    • SHA1

      85683e612e0d8cd948b5cbc3619ee906f87e232f

    • SHA256

      c1489ac00723abe5af6705e23bc70a6dd23ba5c98d080852b07a284727a2811f

    • SHA512

      ea2503b7c1c6b0bd5c34aaf23517d93510e69b364113c2d7aeaa4e48ffc25d2d953d7e25af4fa8ada528a6969aa72d5471a4f4d2eab4117eb0583eaf4af62e31

    • SSDEEP

      3072:xTFBtKMERzQikryOzbszDjv7SvFx2AJZxicweHUAxy:xTpTERzQjrHyDjT06AJizpt

    • Score

      1/10

    • Target

      MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip

    • Size

      8KB

    • MD5

      6d1c6d848c80c62c8886f3f4a05d9e16

    • SHA1

      cd815164b65537f8134b389ea8698591b5f92043

    • SHA256

      d6eb28f01b2d59777c30d37b851c095ce73c7fca0523805b7c1e6ad687d41d89

    • SHA512

      39dcfd16526e4a9f395a151a277deccee62f46a4e0380adebaa3556e7e6b73ee6a197b32db1b70ec0c1dc6e766e82115e8bce088ce3ba48ca0e9d790b4b20eb2

    • SSDEEP

      192:XIpLlKueTbS91NnmDPYG9Yuq/XmONuwsBThAb4WULr1ZyZdyg:0LlKPSYTYWLqruphAdULTqdV

    • Score

      1/10

    • Target

      MalwareCollection-master/Trojan/Trojan.NoEscape.zip

    • Size

      617KB

    • MD5

      6249d14bba6f2e578af50a32bac74651

    • SHA1

      de4bf281a7c8c1f11c614b7f53e34f0accb2950a

    • SHA256

      23e622bd84485f58e4cffd07549e86554778dcb56de0af90a482b0672536cb0d

    • SHA512

      b6c50493b35f2832770c5440c680887248636009e7ce162de48b1e0b0f00fcb342e08bda767c52968128e4862eede7b1ce9c328072082703a471d6b6e320b133

    • SSDEEP

      12288:clU4YRQtxO8ItI1ks2ZrWWxwgCG/Va2TIRKH4MiySfKRQFrtaX:j4YaOtIas2ZHxd9N52rYX

    • Score

      1/10

    • Target

      MalwareCollection-master/Trojan/Trojan.YouAreAnIdiot.zip

    • Size

      13KB

    • MD5

      4d2efecd59fb51ddf343cab78d6bde75

    • SHA1

      eabe39cbdc9f0ff1b171df3bb88a07d2ce5be9c5

    • SHA256

      3c0873b6479752026644acde4d59e08969cc26cacae62f595a6003f2635dda83

    • SHA512

      c1172fdd1e4655c8cbb93491ef0eb7de5ccbdd4ef3dd27e12468ce3158dc9a6892ba7dedef47c31e63c3916b81d6818688233cf63f4264b72557ea7cec15c7e3

    • SSDEEP

      384:1XSEWgR5i/DWx3uD7GOUYxIX3qEAcGO+m6t8q4Ch8:NSAiCxuDCOUT3qQG7Ve

    • Score

      1/10

    • Target

      MalwareCollection-master/Worm/Email-Worm/Email-Worm.NakedWife.zip

    • Size

      12KB

    • MD5

      5eeda5b06e63cf9897c76c4b36a03a66

    • SHA1

      09a8db46cfe3bc06e73982e2c320496577d65bfe

    • SHA256

      6dc51fbdfcd6a46dfffa4c7d84d30a50280b2702f91584deb3cd226dcf078e03

    • SHA512

      88b25cfe064487e6bc62fa41c8f88516918bad1451a31e4ce300fb736f0a5a5709f941e1f792f3ee09fab2ecd104b6139bef7112ee481c42541ec312655a40a1

    • SSDEEP

      384:gzEL7WCF/j+OES+3SCQvB4YGO13MttarlNvxWLT+O:MEZF/yOESMSCOBhcmbxWLF

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v13

Execution

  • Scheduled Task/Job (T1053): 2

Persistence

  • Boot or Logon Autostart Execution (T1547): 2

    • Registry Run Keys / Startup Folder (T1547.001): 1

    • Winlogon Helper DLL (T1547.004): 1

  • Scheduled Task/Job (T1053): 2

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 2

    • Registry Run Keys / Startup Folder (T1547.001): 1

    • Winlogon Helper DLL (T1547.004): 1

  • Abuse Elevation Control Mechanism (T1548): 1

    • Bypass User Account Control (T1548.002): 1

  • Scheduled Task/Job (T1053): 2

Defense Evasion

  • Modify Registry (T1112): 3

  • Abuse Elevation Control Mechanism (T1548): 1

    • Bypass User Account Control (T1548.002): 1

  • Impair Defenses (T1562): 1

    • Disable or Modify Tools (T1562.001): 1

Tasks