Resubmissions
08-06-2024 08:50  240608-krvyesae91  10
08-05-2024 16:15  240508-tqnx6ach3w  10
08-05-2024 16:07  240508-tkr3mafa54  10
01-05-2024 18:02  240501-wmf49acg3s  6
27-04-2024 08:46  240427-kpfeysff8s  10
25-04-2024 21:25  240425-z9y55afb7v  10
25-04-2024 21:16  240425-z4pphafa97  10
25-04-2024 18:27  240425-w3929sde33  10
25-04-2024 18:17  240425-ww4a5sdc8x  10

General
Target: Malware.zip
Size: 6.4MB
Sample: 240508-tkr3mafa54
MD5: 2570272f3d1d089334463f58135099be
SHA1: c3c47f1a8420d11be52cf69f2cafcec450b36b36
SHA256: 2a45e44be359fba4c85591e7b13d1ec772ed181adc41254d8b00d31b2d15878e
SHA512: 4921f1e3fa8dc8b019587aad62a67b449175fe6cfb8e7b01474a3eb5683c1c475f34247e4a6b248bea3e432ed413721519a52b2d1ef0f3f088876cd98cec31f9
SSDEEP: 196608:Pjlmaezq3Z39giBgtmHmZMXQ/4LQH6TBAyigHRHu+MKiB:PYaIwgiKt2O9/rH6T6yigHRHGxB
Static task: static1

Behavioral task: behavioral1
  Sample: Malware.zip
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: Malware.zip
  Resource: win11-20240426-en

Behavioral task: behavioral3
  Sample: Bad Rabit.exe
  Resource: win7-20240221-en

Behavioral task: behavioral4
  Sample: Bad Rabit.exe
  Resource: win11-20240426-en
Malware Config
Targets

Target: Malware.zip
Size: 6.4MB
MD5: 2570272f3d1d089334463f58135099be
SHA1: c3c47f1a8420d11be52cf69f2cafcec450b36b36
SHA256: 2a45e44be359fba4c85591e7b13d1ec772ed181adc41254d8b00d31b2d15878e
SHA512: 4921f1e3fa8dc8b019587aad62a67b449175fe6cfb8e7b01474a3eb5683c1c475f34247e4a6b248bea3e432ed413721519a52b2d1ef0f3f088876cd98cec31f9
SSDEEP: 196608:Pjlmaezq3Z39giBgtmHmZMXQ/4LQH6TBAyigHRHu+MKiB:PYaIwgiKt2O9/rH6T6yigHRHGxB
Score: 1/10
Target: Bad Rabit.exe
Size: 431KB
MD5: fbbdc39af1139aebba4da004475e8839
SHA1: de5c8d858e6e41da715dca1c019df0bfb92d32c0
SHA256: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
SHA512: 74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
SSDEEP: 12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score: 10/10

- BadRabbit: Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL