badrabbit | 92e764fc16284e034e7608c2edd404537b5f1ed18e6ec55a42e9bf3cffa904dd | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-26...ry.exe

windows7-x64

2024-04-26...ry.exe

windows10-2004-x64

Sharing

General

Target

2024-04-26_cfff3d6a65ed27626da9ce130ff1203c_bad-rabbit_cerber_eternalpetya_metamorfo_petya_wannacry
Size

9.8MB
Sample

240426-bt52qsha29
MD5

cfff3d6a65ed27626da9ce130ff1203c
SHA1

c8113686f28a88541d097e56bd877e7decf70f73
SHA256

92e764fc16284e034e7608c2edd404537b5f1ed18e6ec55a42e9bf3cffa904dd
SHA512

9ebe5fda4dc820a9212dcbf30326656fa5303ecb8c89bbd49043168d2c4b5bb755e6dad8c468886d885a6a4bf8a8357ea642415626ef7025703cfb81c0af96a3
SSDEEP

196608:8BPgnBgF6nnXAqPe1Cxcxk3ZAEUadzR8yc4gw7mLqFRb2HxH:9nBgF6nQqG1Fxk3mEUadzRURfqHAR

Score

10^/10

badrabbit mimikatz ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-26_cfff3d6a65ed27626da9ce130ff1203c_bad-rabbit_cerber_eternalpetya_metamorfo_petya_wannacry.exe

Resource

win7-20240221-en

badrabbit mimikatz ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-26_cfff3d6a65ed27626da9ce130ff1203c_bad-rabbit_cerber_eternalpetya_metamorfo_petya_wannacry.exe

Resource

win10v2004-20240412-en

badrabbit mimikatz ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-26_cfff3d6a65ed27626da9ce130ff1203c_bad-rabbit_cerber_eternalpetya_metamorfo_petya_wannacry
- Size
  
  9.8MB
- MD5
  
  cfff3d6a65ed27626da9ce130ff1203c
- SHA1
  
  c8113686f28a88541d097e56bd877e7decf70f73
- SHA256
  
  92e764fc16284e034e7608c2edd404537b5f1ed18e6ec55a42e9bf3cffa904dd
- SHA512
  
  9ebe5fda4dc820a9212dcbf30326656fa5303ecb8c89bbd49043168d2c4b5bb755e6dad8c468886d885a6a4bf8a8357ea642415626ef7025703cfb81c0af96a3
- SSDEEP
  
  196608:8BPgnBgF6nnXAqPe1Cxcxk3ZAEUadzR8yc4gw7mLqFRb2HxH:9nBgF6nQqG1Fxk3mEUadzRURfqHAR
Score

10^/10

badrabbit mimikatz ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

badrabbitmimikatzransomware

behavioral2

badrabbitmimikatzransomware

© 2018-2024

Terms | Privacy