Overview

overview

10

Static

static

3

Bad Rabit.exe

windows10-2004-x64

10

Bad Rabit.exe

windows10-ltsc 2021-x64

10

Bad Rabit.exe

windows11-21h2-x64

10

Resubmissions

09-02-2025 03:10

250209-dn49cstkez 10

08-06-2024 08:50

240608-krvyesae91 10

08-05-2024 16:15

240508-tqnx6ach3w 10

08-05-2024 16:07

240508-tkr3mafa54 10

01-05-2024 18:02

240501-wmf49acg3s 6

27-04-2024 08:46

240427-kpfeysff8s 10

25-04-2024 21:25

240425-z9y55afb7v 10

25-04-2024 21:16

240425-z4pphafa97 10

25-04-2024 18:27

240425-w3929sde33 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Malware.zip

  • Size

    6.4MB

  • Sample

    250209-dn49cstkez

  • MD5

    2570272f3d1d089334463f58135099be

  • SHA1

    c3c47f1a8420d11be52cf69f2cafcec450b36b36

  • SHA256

    2a45e44be359fba4c85591e7b13d1ec772ed181adc41254d8b00d31b2d15878e

  • SHA512

    4921f1e3fa8dc8b019587aad62a67b449175fe6cfb8e7b01474a3eb5683c1c475f34247e4a6b248bea3e432ed413721519a52b2d1ef0f3f088876cd98cec31f9

  • SSDEEP

    196608:Pjlmaezq3Z39giBgtmHmZMXQ/4LQH6TBAyigHRHu+MKiB:PYaIwgiKt2O9/rH6T6yigHRHGxB

Score
10/10
badrabbitmimikatzadwarediscoverypersistenceprivilege_escalationransomwarestealer

Malware Config

Targets

    • Target

      Bad Rabit.exe

    • Size

      431KB

    • MD5

      fbbdc39af1139aebba4da004475e8839

    • SHA1

      de5c8d858e6e41da715dca1c019df0bfb92d32c0

    • SHA256

      630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

    • SHA512

      74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

    • SSDEEP

      12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63

    Score
    10/10
    badrabbitmimikatzadwarediscoverypersistenceprivilege_escalationransomwarestealer

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

      ransomwarebadrabbit

    • Badrabbit family

      badrabbit

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Mimikatz family

      mimikatz

    • mimikatz is an open source tool to dump credentials on Windows

    • Blocklisted process makes network request

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks