General

  • Target

    sample

  • Size

    41KB

  • Sample

    240712-gbrdhsshmg

  • MD5

    076f09f604d37f3d5cbc056f260b601f

  • SHA1

    a9b089f61e5248ce889d4b1f6b0079c83acf69d1

  • SHA256

    c9d95d86d09d402fde59dff3f2fbb67090c96e9c99859c8489a5c38e2c9af034

  • SHA512

    fc81ab0b631ff77c602dd8fa941fe360ddd251f9e75d847f85e25252bae60a88628672d3d7a236cbd3826f75fd1bf8558c7a044607c105f61ed59ab47064a2f8

  • SSDEEP

    768:S/byaQsSbbPcqLsfP5EU7FSulJwUMtsVUOJEvU04sCYPi/JMI8NjmmrwIurjtcWz:EHQsSbbPcqLgP6U7FSulJwUMts+WUNfU

Malware Config

Targets

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks