badrabbit | b3c80146802eca48fd4fdd8c7f6e500c360165e4042cfac458d2830e532db4b4 | Triage

Submit
Reports

Overview

overview

Static

static

1

BadRabbit.zip

windows10-2004-x64

BadRabbit.zip

windows11-21h2-x64

Sharing

General

Target

BadRabbit.zip
Size

164KB
Sample

240806-mys4hs1ema
MD5

c279b056c175248970b86d544d4500ac
SHA1

b23b59b579e95d4c5b5c75f011c6b20438c1e223
SHA256

b3c80146802eca48fd4fdd8c7f6e500c360165e4042cfac458d2830e532db4b4
SHA512

22f25554000b76ad6c8801de02a3cf822210e5675fd117e83220a46fe0b5b56684d0b9d57d1262818c0028319ff7f546d9fa18de6613e5b1fbaac4c746516bdb
SSDEEP

3072:y0xwVWSrh1lhL2rypKP/X6OOKeRw+Ums1YElgGaPYwI1bwecpI7kzBrDUEbhg3P+:fTuoeF3uokeOvHS1d1+sNs8wbiWQu9Lm

Score

10^/10

badrabbit mimikatz discovery ransomware

Static task

static1

Behavioral task

behavioral1

Sample

BadRabbit.zip

Resource

win10v2004-20240802-en

badrabbit mimikatz discovery ransomware

windows10-2004-x64

21 signatures

1800 seconds

Behavioral task

behavioral2

Sample

BadRabbit.zip

Resource

win11-20240802-en

badrabbit mimikatz discovery ransomware

windows11-21h2-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  BadRabbit.zip
- Size
  
  164KB
- MD5
  
  c279b056c175248970b86d544d4500ac
- SHA1
  
  b23b59b579e95d4c5b5c75f011c6b20438c1e223
- SHA256
  
  b3c80146802eca48fd4fdd8c7f6e500c360165e4042cfac458d2830e532db4b4
- SHA512
  
  22f25554000b76ad6c8801de02a3cf822210e5675fd117e83220a46fe0b5b56684d0b9d57d1262818c0028319ff7f546d9fa18de6613e5b1fbaac4c746516bdb
- SSDEEP
  
  3072:y0xwVWSrh1lhL2rypKP/X6OOKeRw+Ums1YElgGaPYwI1bwecpI7kzBrDUEbhg3P+:fTuoeF3uokeOvHS1d1+sNs8wbiWQu9Lm
Score

10^/10

badrabbit mimikatz discovery ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

badrabbitmimikatzdiscoveryransomware

behavioral2

badrabbitmimikatzdiscoveryransomware

© 2018-2025

Terms | Privacy