badrabbit | hxxp://github[.]com | Triage

Resubmissions

13-12-2024 18:20

241213-wy6jaaxjh1 6

13-12-2024 18:17

241213-wxfw8sxjfs 10

13-12-2024 18:14

241213-wvrwqaymam 8

13-12-2024 18:11

241213-ws1qvawrex 10

13-12-2024 18:08

241213-wra4sswraw 8

13-12-2024 18:05

241213-wpj9paykdl 10

13-12-2024 18:01

241213-wmcrtsyjfr 8

13-12-2024 17:59

241213-wkpcvayjbn 6

13-12-2024 17:56

241213-wjh5faxrgq 8

Sharing

General

Target

http://github.com
Sample

241213-wpj9paykdl

Score

10^/10

badrabbit mimikatz defense_evasion discovery evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  http://github.com
Score

10^/10

badrabbit mimikatz defense_evasion discovery evasion persistence ransomware trojan
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Badrabbit family
  badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- mimikatz is an open source tool to dump credentials on Windows
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

badrabbitmimikatzdefense_evasiondiscoveryevasionpersistenceransomwaretrojan