badrabbit | c5fe32e5de97a1c0ff01c7bcbc99d7086a485b6df9ac7cdb37e906f6e1d01da3 | Triage

Submit
Reports

Overview

overview

Static

static

1

Urgent Con...df.exe

windows7-x64

Urgent Con...df.exe

windows10-2004-x64

Sharing

General

Target

Urget Contract Action.eml
Size

604KB
Sample

250110-ghtr8atqgv
MD5

048c02e929690bcb0a537d08e71f6b50
SHA1

e35f34239708f1d2ac63dc88366dcb3686d0d1eb
SHA256

c5fe32e5de97a1c0ff01c7bcbc99d7086a485b6df9ac7cdb37e906f6e1d01da3
SHA512

bd942387e85c4981cba4617089728958e7bf163efb73ee5624e3f5e409552426a3ee67d0900bca18dc089552d5c855ca99dbf5115f4293eb5162e346a68fcaa9
SSDEEP

12288:G35ETPjPNu1JoTIIu4Q3H3KNgrYq/6lm2pNRs/P7IunP9m4QSmWveSI:PPDkreIItQqev/Qmofs/TdnPvPpeB

Score

10^/10

badrabbit mimikatz discovery ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Urgent Contract Action.pdf.exe

Resource

win7-20240903-en

badrabbit mimikatz discovery ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Urgent Contract Action.pdf.exe

Resource

win10v2004-20241007-en

badrabbit mimikatz discovery ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Urgent Contract Action.pdf.exe
- Size
  
  431KB
- MD5
  
  fbbdc39af1139aebba4da004475e8839
- SHA1
  
  de5c8d858e6e41da715dca1c019df0bfb92d32c0
- SHA256
  
  630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
- SHA512
  
  74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
- SSDEEP
  
  12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score

10^/10

badrabbit mimikatz discovery ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Badrabbit family
  badrabbit
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

badrabbitmimikatzdiscoveryransomware

behavioral2

badrabbitmimikatzdiscoveryransomware

© 2018-2025

Terms | Privacy