badrabbit | 1041a83d20c8cb7b9303c65aa563078dc4b10e6db8f3547b74278bc6c0644e98 | Triage

Submit
Reports

Overview

overview

Static

static

1

verify-ua.html

windows7-x64

3

verify-ua.html

windows10-2004-x64

Sharing

General

Target

verify-ua
Size

5KB
Sample

240909-z4zjpsseqf
MD5

bdcd890677a32b056ffd78cd896eff89
SHA1

92ab74ed8d40e336c4c33a44435521f377007df8
SHA256

1041a83d20c8cb7b9303c65aa563078dc4b10e6db8f3547b74278bc6c0644e98
SHA512

3bedc2cec5f892c688811feaacff43845762be06e212510cba9abd9080ffa849c46ca2566722ab3f2c25afda3cb9baaa5e78e1e6c8351ea41eb3add49e75cc01
SSDEEP

96:GiOts4fcZxpPsCkHInCnir7NVirCQXqHVoITMF6apE4sW:7Ots5sGnRTirio6+sW

Score

10^/10

badrabbit mimikatz discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

verify-ua.html

Resource

win7-20240708-en

windows7-x64

5 signatures

1800 seconds

Behavioral task

behavioral2

Sample

verify-ua.html

Resource

win10v2004-20240802-en

badrabbit mimikatz discovery persistence ransomware

windows10-2004-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  verify-ua
- Size
  
  5KB
- MD5
  
  bdcd890677a32b056ffd78cd896eff89
- SHA1
  
  92ab74ed8d40e336c4c33a44435521f377007df8
- SHA256
  
  1041a83d20c8cb7b9303c65aa563078dc4b10e6db8f3547b74278bc6c0644e98
- SHA512
  
  3bedc2cec5f892c688811feaacff43845762be06e212510cba9abd9080ffa849c46ca2566722ab3f2c25afda3cb9baaa5e78e1e6c8351ea41eb3add49e75cc01
- SSDEEP
  
  96:GiOts4fcZxpPsCkHInCnir7NVirCQXqHVoITMF6apE4sW:7Ots5sGnRTirio6+sW
Score

10^/10

discovery badrabbit mimikatz persistence ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

badrabbitmimikatzdiscoverypersistenceransomware

© 2018-2025

Terms | Privacy