Resubmissions

  • 26-02-2024 18:15  240226-wv4khsdb8t  3

  • 26-02-2024 18:01  240226-wlxevada2t  6

  • 26-02-2024 17:58  240226-wj98xscc64  6

  • 26-02-2024 17:47  240226-wc9zkscb27  7

  • 26-02-2024 17:30  240226-v3fyrabg35  10

  • 26-02-2024 17:25  240226-vzrababf39  8

  • 26-02-2024 17:07  240226-vndvvabc96  7

  • 26-02-2024 16:42  240226-t7vf9sbd4s  10

General

  • Target

    gato.jpeg

  • Size

    54KB

  • Sample

    240226-v3fyrabg35

  • MD5

    cd869039e351b02dde534759ae627caa

  • SHA1

    8c227c8532a3106c82009117500a53fceb8adcda

  • SHA256

    8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f

  • SHA512

    81a5b30497bb3cf7b6257728ef5f04b2e45d1ec23e159035210292b13514a82313e19c68878f50bd10a9382ed5b6a83c6356d2d2c0607a79ec2e8afbc9bc3fc0

  • SSDEEP

    1536:g6taN+v7AZswe0Q4qKjLkvqwWsXcWQeldDrVh5Bh0K4:QEAneazLaMWQWdDJh5vI

Malware Config

Targets

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Modifies WinLogon for persistence

    • UAC bypass

    • mimikatz is an open source tool to dump credentials on Windows

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks