General
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1304480397991870554/1305166099561582672/totallynotscam.exe?ex=67320a26&is=6730b8a6&hm=9d210441a97c80fff970d9572657718b77795437fe356ea7472402b0eb9f9d1a&
Resource: win10v2004-20241007-en
Behavioral task: behavioral2
Sample: https://cdn.discordapp.com/attachments/1304480397991870554/1305166099561582672/totallynotscam.exe?ex=67320a26&is=6730b8a6&hm=9d210441a97c80fff970d9572657718b77795437fe356ea7472402b0eb9f9d1a&
Resource: win10ltsc2021-20241023-en
Behavioral task: behavioral3
Sample: https://cdn.discordapp.com/attachments/1304480397991870554/1305166099561582672/totallynotscam.exe?ex=67320a26&is=6730b8a6&hm=9d210441a97c80fff970d9572657718b77795437fe356ea7472402b0eb9f9d1a&
Resource: win11-20241007-en
Malware Config
Targets
Target: https://cdn.discordapp.com/attachments/1304480397991870554/1305166099561582672/totallynotscam.exe?ex=67320a26&is=6730b8a6&hm=9d210441a97c80fff970d9572657718b77795437fe356ea7472402b0eb9f9d1a&
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
- Badrabbit family
- Disables Task Manager via registry modification
- A potential corporate email address has been identified in the URL: cd1semDcd279ee0b9d3ee0471f99791bd56bc4d1440srgsbcd3amgsmartshopresultscd4fw185cd6ch1960cd7genadsenseroundednodagrcd9httpswww.smartshopresults.comwebadsemDagfw185akid79ee0b9d3ee0471f99791bd56bc4d1440srgsbangooglesgadsource5gclidEAIaIQobChMInc3109TSiQMVpiGiAx2CswCFEAAYASAAEgL9PvDBwEo1675085qgamesqosemQueryttrmdcd1147eb98c482e2486797925ff12c411dc8cd14@amggoogleserplayoutroundeddesktopcd16gbcd181675085cd19b176492b00cb42c2be9bac1b4450320dcd20googlescd23textadblock0cd272820062827cd291cd30gameswww.smartshopresults.comcd31resultsPagecd32smartshopresults.comcd34semQuerycd35gslcd37gamescd38centercd41EAIaIQobChMInc3109TSiQMVpiGiAx2CswCFEAAYASAAEgL9PvDBwEcd45HobbiesLeisurecd46ToysGamescd53ch129ch16cd57mesonpcmsitescd58encd66f41d1d259ce24c489c77c19fc7d3d1e3gapi112
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
- Scheduled Task/Job (1)
- Scheduled Task (1)