badrabbit | 96f3ce153153f922fb18e4722b0348aee2c76022bcdee75fadab97023003fe10 | Triage

Submit
Reports

Overview

overview

Static

static

3

FMLN Ransomware.exe

windows7-x64

6

FMLN Ransomware.exe

windows10-2004-x64

Sharing

General

Target

FMLN Ransomware.exe
Size

258KB
Sample

240414-2datrsfe45
MD5

c87988e35ec34779191f42b6213fdec1
SHA1

81036dcf6ea331243f2d512b8ac9611a95a18ea1
SHA256

96f3ce153153f922fb18e4722b0348aee2c76022bcdee75fadab97023003fe10
SHA512

ba32f9bc18fb187fa4dc03bb1db903255c16af62dc903521ddd8fb120e5599bbccb4fa12255f0195a5e51b6a99ee5228bc0515f299c0ebb1b1a5134e61aab9e4
SSDEEP

6144:sBlkZvaF4NTBjWXXn0tHeKMSF0o91TPoEQo:soSWNTRsOBMSF31TgW

Score

10^/10

badrabbit mimikatz ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FMLN Ransomware.exe

Resource

win7-20240221-en

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

FMLN Ransomware.exe

Resource

win10v2004-20240412-en

badrabbit mimikatz ransomware

windows10-2004-x64

30 signatures

300 seconds

Malware Config

Targets

- Target
  
  FMLN Ransomware.exe
- Size
  
  258KB
- MD5
  
  c87988e35ec34779191f42b6213fdec1
- SHA1
  
  81036dcf6ea331243f2d512b8ac9611a95a18ea1
- SHA256
  
  96f3ce153153f922fb18e4722b0348aee2c76022bcdee75fadab97023003fe10
- SHA512
  
  ba32f9bc18fb187fa4dc03bb1db903255c16af62dc903521ddd8fb120e5599bbccb4fa12255f0195a5e51b6a99ee5228bc0515f299c0ebb1b1a5134e61aab9e4
- SSDEEP
  
  6144:sBlkZvaF4NTBjWXXn0tHeKMSF0o91TPoEQo:soSWNTRsOBMSF31TgW
Score

10^/10

ransomware badrabbit mimikatz
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

badrabbitmimikatzransomware

© 2018-2024

Terms | Privacy