General

  • Target

    Ransomware

  • Size

    164KB

  • Sample

    240712-nrrsjstfrd

  • MD5

    fbd2b555c4c6174e3bad0d54310241db

  • SHA1

    694b86d071a6a89a908e8ebf9b30cc518c728ff0

  • SHA256

    fc8809545e851fa681b06126005ebea45a76bbde397de81e041f71ceb9827e38

  • SHA512

    71043011e22485c4196fafd4fab5830fe09d85616f15cb24ad9fd4396c4f3c2d072293026e57112acd044ec20159305a91556c50edbb62fa6d06656aa4d35044

  • SSDEEP

    3072:I8Lya4KM2bVinYjqPok8ValLPfkgLDoa3AncKEWV+vuI/1Ntn4PB1CTjYCFe6Z2U:A+oj52n9dH5M2vkm0aOCl3pId9Rf9Tvv
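Before relying on the signatures below, confirm that the file you are holding is the one this report describes. The following script is an added example, not part of the original report: it recomputes the four cryptographic digests listed above over a file and compares them with the report's values, checks that the file starts with the `MZ` DOS header expected of a PE, and optionally scores it against the report's ssdeep value when the third-party `ssdeep` module is installed. The `REPORT_HASHES` and `REPORT_SSDEEP` constants are copied from the General section; the file path passed on the command line is an assumption.

```python
"""Verify that a file on disk matches the hashes in this sandbox report.

Added example, not the sandbox's own code. Digest values are copied from the
report's General section; everything else (function names, the command-line
path) is an assumption made for this example.
"""
import hashlib
import sys
from pathlib import Path

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "fbd2b555c4c6174e3bad0d54310241db",
    "sha1": "694b86d071a6a89a908e8ebf9b30cc518c728ff0",
    "sha256": "fc8809545e851fa681b06126005ebea45a76bbde397de81e041f71ceb9827e38",
    "sha512": (
        "71043011e22485c4196fafd4fab5830fe09d85616f15cb24ad9fd4396c4f3c2d"
        "072293026e57112acd044ec20159305a91556c50edbb62fa6d06656aa4d35044"
    ),
}
REPORT_SSDEEP = (
    "3072:I8Lya4KM2bVinYjqPok8ValLPfkgLDoa3AncKEWV+vuI/1Ntn4PB1CTjYCFe6Z2U"
    ":A+oj52n9dH5M2vkm0aOCl3pId9Rf9Tvv"
)


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def compare(data: bytes, expected: dict) -> dict:
    """Return {algorithm: matched?} for every algorithm named in `expected`.

    Expected values are normalised to lowercase so hashes pasted from a
    report that prints uppercase hex still compare correctly.
    """
    actual = digests(data)
    return {alg: actual[alg] == value.strip().lower() for alg, value in expected.items()}


def is_pe(data: bytes) -> bool:
    """Cheap sanity check: a Windows PE begins with the 'MZ' DOS stub."""
    return data[:2] == b"MZ"


def ssdeep_score(data: bytes, expected_ssdeep: str):
    """Fuzzy-hash similarity (0-100) against the report's ssdeep, or None
    when the optional `ssdeep` module is not installed."""
    try:
        import ssdeep  # third-party; not required for the exact-hash check
    except ImportError:
        return None
    return ssdeep.compare(ssdeep.hash(data), expected_ssdeep)


def verify_file(path, expected: dict = REPORT_HASHES) -> dict:
    """Read a file and report per-algorithm matches plus the PE header check."""
    data = Path(path).read_bytes()
    result = compare(data, expected)
    result["pe_header"] = is_pe(data)
    result["size"] = len(data)
    return result


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <sample-file>")
    report = verify_file(sys.argv[1])
    for key, value in report.items():
        print(f"{key:10} {value}")
    # Exact-hash match on any single strong digest is sufficient; the
    # weaker MD5/SHA1 are kept only because the report lists them.
    if not (report["sha256"] and report["sha512"]):
        sys.exit("file does NOT match the report's SHA-256/SHA-512")
```

Run it as `python verify_sample.py <sample-file>`; a non-zero exit means the strong digests do not match and the signatures on this page should not be assumed to apply to your file. The ssdeep score is informational only: a high fuzzy-hash similarity with a mismatched SHA-256 suggests a related build or a repacked variant, not the same sample.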

Malware Config

Targets

    • Target

      Ransomware

    • Size

      164KB

    • MD5

      fbd2b555c4c6174e3bad0d54310241db

    • SHA1

      694b86d071a6a89a908e8ebf9b30cc518c728ff0

    • SHA256

      fc8809545e851fa681b06126005ebea45a76bbde397de81e041f71ceb9827e38

    • SHA512

      71043011e22485c4196fafd4fab5830fe09d85616f15cb24ad9fd4396c4f3c2d072293026e57112acd044ec20159305a91556c50edbb62fa6d06656aa4d35044

    • SSDEEP

      3072:I8Lya4KM2bVinYjqPok8ValLPfkgLDoa3AncKEWV+vuI/1Ntn4PB1CTjYCFe6Z2U:A+oj52n9dH5M2vkm0aOCl3pId9Rf9Tvv

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Mimikatz

      Mimikatz is an open-source tool used to dump credentials on Windows.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks