badrabbit | f95043eed6a9f827ebd2e46493343a8f734378ecd6022975455ae01334c52749 | Triage

Submit
Reports

Overview

overview

Static

static

1

JJSploit_8...US.msi

windows11-21h2-x64

Sharing

General

Target

JJSploit_8.11.0_x64_en-US.msi
Size

5.1MB
Sample

250124-cg8grstqfz
MD5

fe0b64b5c6ffe422676ae7216c2d38c9
SHA1

51350ac5ce079cbe741bd48d6462075b7c23adef
SHA256

f95043eed6a9f827ebd2e46493343a8f734378ecd6022975455ae01334c52749
SHA512

055ddc9f124ae2cab6ff2d1e1a6f927b088417beb1e813e09a791289ea1e5666c258d48d1ae7aa12ac5c7932cfed888524c89c1b2d01dfe7bee00cba5f6b5b56
SSDEEP

98304:ST4zeG7P2hdWkNAQGmtuNQmPan/7BYUlZ9dso1Y8Vk18urY46wGIrSv8m:ST4qG7P2hd7/IQNpdsojY8ur2Ir

Score

10^/10

badrabbit defense_evasion discovery persistence privilege_escalation ransomware

Static task

static1

Behavioral task

behavioral1

Sample

JJSploit_8.11.0_x64_en-US.msi

Resource

win11-20241007-en

badrabbit defense_evasion discovery persistence privilege_escalation ransomware

windows11-21h2-x64

31 signatures

900 seconds

Malware Config

Targets

- Target
  
  JJSploit_8.11.0_x64_en-US.msi
- Size
  
  5.1MB
- MD5
  
  fe0b64b5c6ffe422676ae7216c2d38c9
- SHA1
  
  51350ac5ce079cbe741bd48d6462075b7c23adef
- SHA256
  
  f95043eed6a9f827ebd2e46493343a8f734378ecd6022975455ae01334c52749
- SHA512
  
  055ddc9f124ae2cab6ff2d1e1a6f927b088417beb1e813e09a791289ea1e5666c258d48d1ae7aa12ac5c7932cfed888524c89c1b2d01dfe7bee00cba5f6b5b56
- SSDEEP
  
  98304:ST4zeG7P2hdWkNAQGmtuNQmPan/7BYUlZ9dso1Y8Vk18urY46wGIrSv8m:ST4qG7P2hd7/IQNpdsojY8ur2Ir
Score

10^/10

badrabbit defense_evasion discovery persistence privilege_escalation ransomware
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Badrabbit family
  badrabbit
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Event Triggered Execution

Installer Packages

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Event Triggered Execution

Installer Packages

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

badrabbitdefense_evasiondiscoverypersistenceprivilege_escalationransomware

© 2018-2025

Terms | Privacy