badrabbit

General

Target

YouAreAnIdiot.zip
Size

223KB
Sample

250106-ye5hzswjdx
MD5

a7a51358ab9cdf1773b76bc2e25812d9
SHA1

9f3befe37f5fbe58bbb9476a811869c5410ee919
SHA256

817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
SHA512

3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
SSDEEP

6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM

Score

10^/10

Malware Config

Targets

- Target
  
  YouAreAnIdiot.zip
- Size
  
  223KB
- MD5
  
  a7a51358ab9cdf1773b76bc2e25812d9
- SHA1
  
  9f3befe37f5fbe58bbb9476a811869c5410ee919
- SHA256
  
  817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
- SHA512
  
  3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
- SSDEEP
  
  6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM
Score

10^/10

badrabbit mimikatz discovery evasion persistence ransomware spyware stealer trojan
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Badrabbit family
  badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Renames multiple (83) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1