General
-
Target
Ransomware
-
Size
164KB
-
Sample
240712-nrrsjstfrd
-
MD5
fbd2b555c4c6174e3bad0d54310241db
-
SHA1
694b86d071a6a89a908e8ebf9b30cc518c728ff0
-
SHA256
fc8809545e851fa681b06126005ebea45a76bbde397de81e041f71ceb9827e38
-
SHA512
71043011e22485c4196fafd4fab5830fe09d85616f15cb24ad9fd4396c4f3c2d072293026e57112acd044ec20159305a91556c50edbb62fa6d06656aa4d35044
-
SSDEEP
3072:I8Lya4KM2bVinYjqPok8ValLPfkgLDoa3AncKEWV+vuI/1Ntn4PB1CTjYCFe6Z2U:A+oj52n9dH5M2vkm0aOCl3pId9Rf9Tvv
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware
Resource
win10v2004-20240709-en
Behavioral task
behavioral2
Sample
Ransomware
Resource
win11-20240709-en
Malware Config
Targets
-
-
Target
Ransomware
-
Score
10/10
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
mimikatz is an open source tool to dump credentials on Windows
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-