General

Target: sample
Size: 41KB
Sample: 240712-gbrdhsshmg
MD5: 076f09f604d37f3d5cbc056f260b601f
SHA1: a9b089f61e5248ce889d4b1f6b0079c83acf69d1
SHA256: c9d95d86d09d402fde59dff3f2fbb67090c96e9c99859c8489a5c38e2c9af034
SHA512: fc81ab0b631ff77c602dd8fa941fe360ddd251f9e75d847f85e25252bae60a88628672d3d7a236cbd3826f75fd1bf8558c7a044607c105f61ed59ab47064a2f8
SSDEEP: 768:S/byaQsSbbPcqLsfP5EU7FSulJwUMtsVUOJEvU04sCYPi/JMI8NjmmrwIurjtcWz:EHQsSbbPcqLgP6U7FSulJwUMts+WUNfU

Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win10v2004-20240709-en
Malware Config

Targets

Target: sample
Size: 41KB
MD5: 076f09f604d37f3d5cbc056f260b601f
SHA1: a9b089f61e5248ce889d4b1f6b0079c83acf69d1
SHA256: c9d95d86d09d402fde59dff3f2fbb67090c96e9c99859c8489a5c38e2c9af034
SHA512: fc81ab0b631ff77c602dd8fa941fe360ddd251f9e75d847f85e25252bae60a88628672d3d7a236cbd3826f75fd1bf8558c7a044607c105f61ed59ab47064a2f8
SSDEEP: 768:S/byaQsSbbPcqLsfP5EU7FSulJwUMtsVUOJEvU04sCYPi/JMI8NjmmrwIurjtcWz:EHQsSbbPcqLgP6U7FSulJwUMts+WUNfU

BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
Modifies Windows Firewall
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15

Execution
  Command and Scripting Interpreter (2)
    JavaScript (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Pre-OS Boot (1)
    Bootkit (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)