Resubmissions

04/06/2025, 17:18

250604-vvjpnssyav 6

04/06/2025, 17:11

250604-vp9nxaaj2y 10

04/06/2025, 16:57

250604-vf9ybahp6v 3

General

  • Target

    version.dll

  • Size

    2.7MB

  • Sample

    250604-vp9nxaaj2y

  • MD5

    40c2231241385e75bea54c1408a94881

  • SHA1

    e8a255003325077bb8b4990084d09c32cba827f3

  • SHA256

    972d58a325c303624e7ee5e10263c6ec3676ccc05755e2cd73b0b8ff7eef9f0e

  • SHA512

    559d561b0b2521ceefcf098539976f27a9e0678a7f1976ba0044f6d713fd541a41a0e6025c57b7ce116fef1eaaf566fc51d8f3acb4f2df65a4fb02c7d3028645

  • SSDEEP

    49152:IKtXyGVrSRE665kUv3OJPGhhCNoEcKPvzsClA4nyk2bBF83EqAXVhfQ93pO/rf7q:lrSREf3O59EKMFOZ30/

Malware Config

Targets

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Badrabbit family

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Mimikatz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2
