Resubmissions

26-06-2024 04:15

240626-evbfasxcjn 8

26-06-2024 04:04

240626-em282stflf 10

26-06-2024 04:01

240626-elpassteng 7

General

  • Target

    IMG_3065.png

  • Size

    402KB

  • Sample

    240626-em282stflf

  • MD5

    478f0b9ab82b1ee6020658d02193c91d

  • SHA1

    8d5452e21d3f9284a7ba468f414bb53e4baaca8b

  • SHA256

    6416b6784c92cd55a530ed870554f165f1035ef3ce7d820de9d0fa6b13ddb4a6

  • SHA512

    0220b83ddd2610c71e53bed8a30404eae7033a520c301c7dec92224b6f58589be8cbb03786ad1d40f53bd590aa18815748b258cfefe67006a58431c523359c82

  • SSDEEP

    6144:I6696xbMlEggdFWFMKUN5exG1PRcYgtHl274UjFnEKVqSMPESEa5ZelA6+KAQ1:I66MbMVFpUbeABR4Hq6FSMPV8A3KAW
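
The four cryptographic hashes above are enough to confirm that a locally held copy is the same sample, and the behaviours recorded further down (MZ/PE download, dropped EXE executed, dropped DLL loaded) make the file's real container type worth checking independently of its `.png` name. The following is an added triage helper, not part of the sandbox report: it recomputes the listed digests, compares them, and sniffs the format from leading bytes. The magic-byte table and extension map are assumptions for illustration; SSDEEP is left out because it needs a third-party library (`ssdeep`/`ppdeep`) and everything here is standard library.

```python
"""Added triage helper for the sample described in the report above.

Assumptions (not from the report): the magic-byte table below and the
extension-to-format map are illustrative; the report only gives hashes
and a file name.
"""
import hashlib
import os
import sys

# Hash values copied from the report's General section
REPORT_HASHES = {
    "md5": "478f0b9ab82b1ee6020658d02193c91d",
    "sha1": "8d5452e21d3f9284a7ba468f414bb53e4baaca8b",
    "sha256": "6416b6784c92cd55a530ed870554f165f1035ef3ce7d820de9d0fa6b13ddb4a6",
    "sha512": "0220b83ddd2610c71e53bed8a30404eae7033a520c301c7dec92224b6f58589be8cbb03786ad1d40f53bd590aa18815748b258cfefe67006a58431c523359c82",
}

# Leading bytes for the two formats the report's signatures make relevant (assumed table)
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"MZ": "MZ/PE",
}

# What a file extension claims to be (assumed map)
EXTENSION_FORMATS = {".png": "PNG", ".exe": "MZ/PE", ".dll": "MZ/PE"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests for data, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def sniff_format(data: bytes) -> str:
    """Identify the container by leading bytes, ignoring the file name entirely."""
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims a format the content does not actually have."""
    claimed = EXTENSION_FORMATS.get(os.path.splitext(filename)[1].lower())
    return claimed is not None and sniff_format(data) != claimed


def triage(filename: str, data: bytes) -> dict:
    """Compare a local copy with the report's hashes and describe what the bytes really are."""
    digests = hash_bytes(data)
    return {
        "size": len(data),
        "hashes": digests,
        "matches_report": all(digests[k] == v for k, v in REPORT_HASHES.items()),
        "format": sniff_format(data),
        "extension_mismatch": extension_mismatch(filename, data),
    }


if __name__ == "__main__":
    # Usage: python triage.py <path-to-local-copy>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(triage(os.path.basename(sys.argv[1]), f.read()))
```

A `matches_report` of `True` together with `extension_mismatch` of `True` means the bytes the sandbox analysed are a PE disguised by its name; a hash mismatch means the copy in hand is not this sample and the report's signatures should not be assumed to apply to it.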

Malware Config

Targets

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      Mimikatz is an open source tool to dump credentials on Windows.

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry
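
Two of the signatures above, "Disables Task Manager via registry modification" and "Sets desktop wallpaper using registry", are the kind of behaviour that is cheap to watch for on an endpoint through registry-write telemetry. The block below is an added detection example, not part of the sandbox report or its signature engine. The report names the behaviours but not the keys, so it assumes the well-known value locations (`...\Policies\System\DisableTaskMgr` and `Control Panel\Desktop\Wallpaper`); the events it scans are constructed in a flat key=value layout for illustration, not a real Sysmon export, and the image path `dropped.exe` is a placeholder.

```python
"""Added example: flag registry writes matching two behaviours from the report.

Assumptions (not stated in the report): the registry value paths below are
the usual locations for these behaviours; event lines are constructed here
in a simplified "key=value key=value" layout rather than a real log export.
"""
import re

# Value-path suffixes (lower-cased) mapped to the report's signature names
WATCHED_VALUES = {
    r"\software\microsoft\windows\currentversion\policies\system\disabletaskmgr":
        "Disables Task Manager via registry modification",
    r"\control panel\desktop\wallpaper":
        "Sets desktop wallpaper using registry",
}

# Constructed sample events (EventID 13 = registry value set, Sysmon numbering).
# The image path "dropped.exe" is a placeholder, not a name from the report.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Users\user\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr "
    r"Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Users\user\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper "
    r"Details=C:\Users\user\AppData\Local\Temp\wall.bmp",
    # Benign: explorer toggling a view setting, must not match
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden "
    r"Details=DWORD (0x00000002)",
    # Edge case: DisableTaskMgr written back to 0 re-enables Task Manager, must not match
    r"EventID=13 Image=C:\Windows\System32\gpupdate.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr "
    r"Details=DWORD (0x00000000)",
    # Not a value-set event at all
    r"EventID=12 Image=C:\Windows\regedit.exe "
    r"TargetObject=HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
]


def parse_event(line: str) -> dict:
    """Split 'key=value key=value' into a dict; values may contain spaces but never '='."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", line))


def flag_registry_writes(lines) -> list:
    """Return (image, signature, details) for each write that matches a watched value."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue  # only value-set events carry the written data
        target = ev.get("TargetObject", "").lower()
        details = ev.get("Details", "")
        for suffix, signature in WATCHED_VALUES.items():
            if not target.endswith(suffix):
                continue
            if suffix.endswith("disabletaskmgr"):
                # Only a non-zero DWORD disables Task Manager; 0 restores it
                m = re.search(r"0x([0-9a-f]+)", details, re.IGNORECASE)
                if not m or int(m.group(1), 16) == 0:
                    continue
            hits.append((ev.get("Image", ""), signature, details))
    return hits


if __name__ == "__main__":
    for image, signature, details in flag_registry_writes(SAMPLE_EVENTS):
        print(f"{signature}: {image} -> {details}")
```

The DWORD check matters in practice: Group Policy refreshes and clean-up scripts legitimately write `DisableTaskMgr` back to 0, and a rule that fires on any write to that value will page on every one of them.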

MITRE ATT&CK Enterprise v15

Tasks