General
-
Target
https://www.google.com/search?client=opera-gx&q=bad+rabbit+ransomware&sourceid=opera&ie=UTF-8&oe=UTF-8
-
Sample
240610-1a9cgs1cld
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.google.com/search?client=opera-gx&q=bad+rabbit+ransomware&sourceid=opera&ie=UTF-8&oe=UTF-8
Resource
win11-20240426-en
windows11-21h2-x64
18 signatures
150 seconds
Behavioral task
behavioral2
Sample
https://www.google.com/search?client=opera-gx&q=bad+rabbit+ransomware&sourceid=opera&ie=UTF-8&oe=UTF-8
Resource
macos-20240410-en
macos-10.15-amd64
0 signatures
150 seconds
Malware Config
Targets
-
-
Target
https://www.google.com/search?client=opera-gx&q=bad+rabbit+ransomware&sourceid=opera&ie=UTF-8&oe=UTF-8
Score10/10-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
mimikatz is an open source tool to dump credentials on Windows
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-