Overview

overview

10

Static

static

1

Nitro Life...od.txt

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nitro Lifetime Method.txt

  • Size

    3KB

  • Sample

    240913-bml1aawcrk

  • MD5

    39356142ca258828ac8b547eb9ffc18f

  • SHA1

    3b3ad91d1b4c31d24289a2174a45ece663ddf5b2

  • SHA256

    d2a95df36aa60c1581c4dde74ac7ac43cb88a499f7f5eca8e964a93a6fbb00f3

  • SHA512

    046c296691f28319cfcbeca51be1f4a4eaad21586d85368fb0703b85da46d7be8c6d1224c23802afe1e095bb7e973a626621856fe43b13ad81841032506c8ba7

Score
10/10
badrabbitcryptolockermimikatzdiscoverypersistenceransomware

Malware Config

Targets

    • Target

      Nitro Lifetime Method.txt

    • Size

      3KB

    • MD5

      39356142ca258828ac8b547eb9ffc18f

    • SHA1

      3b3ad91d1b4c31d24289a2174a45ece663ddf5b2

    • SHA256

      d2a95df36aa60c1581c4dde74ac7ac43cb88a499f7f5eca8e964a93a6fbb00f3

    • SHA512

      046c296691f28319cfcbeca51be1f4a4eaad21586d85368fb0703b85da46d7be8c6d1224c23802afe1e095bb7e973a626621856fe43b13ad81841032506c8ba7

    Score
    10/10
    badrabbitcryptolockermimikatzdiscoverypersistenceransomware

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

      ransomwarebadrabbit

    • CryptoLocker

      Ransomware family with multiple variants.

      ransomwarecryptolocker

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks