badrabbit | c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c | Triage

Submit
Reports

Overview

overview

Static

static

1

MEMZ-Destructive.7z

windows11-21h2-x64

Resubmissions

11-08-2024 08:57

240811-kwnd5ssgrq 8

11-08-2024 08:53

240811-ktthdasgml 8

11-08-2024 08:47

240811-kp4sjssflj 10

11-08-2024 08:37

240811-kjelgawfla 8

11-08-2024 08:32

240811-ke9k2sscqm 10

11-08-2024 08:29

240811-kdnl7awdrb 6

11-08-2024 08:26

240811-kbzxfawdlc 6

Sharing

General

Target

MEMZ-Destructive.7z
Size

17KB
Sample

240811-kp4sjssflj
MD5

d91a65636b8d4b7437983e064e2580fa
SHA1

2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3
SHA256

c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c
SHA512

0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f
SSDEEP

384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT

Score

10^/10

badrabbit mimikatz bootkit defense_evasion discovery persistence ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

MEMZ-Destructive.7z

Resource

win11-20240802-en

badrabbit mimikatz bootkit defense_evasion discovery persistence ransomware upx

windows11-21h2-x64

26 signatures

600 seconds

Malware Config

Targets

- Target
  
  MEMZ-Destructive.7z
- Size
  
  17KB
- MD5
  
  d91a65636b8d4b7437983e064e2580fa
- SHA1
  
  2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3
- SHA256
  
  c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c
- SHA512
  
  0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f
- SSDEEP
  
  384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT
Score

10^/10

badrabbit mimikatz bootkit defense_evasion discovery persistence ransomware upx
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Pre-OS Boot

Bootkit

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

badrabbitmimikatzbootkitdefense_evasiondiscoverypersistenceransomwareupx

© 2018-2024

Terms | Privacy