badrabbit | 40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96 | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows11-21h2-x64

Resubmissions

28-01-2025 10:14

250128-l96nbavraw 10

28-01-2025 10:12

250128-l8jgdsvrgn 3

28-01-2025 10:09

250128-l6zetsvrdn 4

Sharing

General

Target

sample
Size

270KB
Sample

250128-l96nbavraw
MD5

330f0941aa62e18b70c9b4360bf343d9
SHA1

eb22e6147fbb2b92b36a8db2d06f5366c9bb4c0d
SHA256

40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96
SHA512

6cb71a976fc59dd2857227a255184c9b84ff95071b52d10fe89969833915f8e87631cc72e7c7f3599b9c7ee6dd86a0f0c574911efb04256f9da310f3b8b07c9b
SSDEEP

3072:BLIAkp2SvaEvZ+pIhnrlf5RA+Jej3SN9A5VIcwoAwtN+25/jg+y:BLIAk8KaEvZ8IhJ5RNESNyIJ4g+y

Score

10^/10

badrabbit defense_evasion discovery persistence ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win11-20241007-en

badrabbit defense_evasion discovery persistence ransomware upx

windows11-21h2-x64

26 signatures

900 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  270KB
- MD5
  
  330f0941aa62e18b70c9b4360bf343d9
- SHA1
  
  eb22e6147fbb2b92b36a8db2d06f5366c9bb4c0d
- SHA256
  
  40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96
- SHA512
  
  6cb71a976fc59dd2857227a255184c9b84ff95071b52d10fe89969833915f8e87631cc72e7c7f3599b9c7ee6dd86a0f0c574911efb04256f9da310f3b8b07c9b
- SSDEEP
  
  3072:BLIAkp2SvaEvZ+pIhnrlf5RA+Jej3SN9A5VIcwoAwtN+25/jg+y:BLIAk8KaEvZ8IhJ5RNESNyIJ4g+y
Score

10^/10

badrabbit defense_evasion discovery persistence ransomware upx
- BadRabbit
  Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
  ransomware badrabbit
- Badrabbit family
  badrabbit
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

badrabbitdefense_evasiondiscoverypersistenceransomwareupx

© 2018-2025

Terms | Privacy