#BadRabbit #DiskCoder #Ransomware

1. #BadRabbit #DiskCoder #Ransomware
2. #BadRabbit #DROPPER
3. 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da Original name FlashUtil.exe File size 431.5 KB (441899 bytes)
4. 8911fdb8c1ac8f6098057dfbbd77fc0c5e6a55a78d4a2f9701b965230ce32cf9 Original name FlashUtil.exe File size 409.6 KB (419401 bytes)
5. 7160bd96104d2ff21d836e9585b8d869edcc0aa60ee84157b7670d9abb1cd785 Original name FlashUtil.exe File size 431.5 KB (441898 bytes)
6. 5c3dc8a0c37c55af92336fde825e8280c6fd28c3f9fe69e61facb3b1da20c0df Original name FlashUtil.exe File size 431.5 KB (441899 bytes)
7.  
8. #BadRabbit #unpacked
9. 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648 C:\Windows\infpub.dat File size 401.1 KB (410760 bytes)
10.  
11. #BadRabbit #PAYLOAD
12. 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93 Original name dispci.exe File size 139.5 KB (142848 bytes)
13. 10e741ef66bdd9166434781d5a0ce465f50f270fdf538a351e91a5161458c888 Original name dispci.exe File size 139.5 KB (142855 bytes)
14.  
15. #BadRabbit Component diskcryptor drv
16. 682adcb55fe4649f7b22505a54a9dbc454b4090fc2bb84af7db5b0908f3b7806 Original name dcrypt.sys C:\Windows\cscc.dat x32 diskcryptor
17. 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6 Original name dcrypt.sys C:\Windows\cscc.dat x64 diskcryptor
18.  
19. #BadRabbit Component mimikatz
20. 2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035 File size 52.4 KB (53624 bytes) mimikatz-like x86
21. 301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c File size 60.9 KB (62328 bytes) mimikatz-like x64
22.  
23. #BadRabbit DISCKCODER debug build
24. 52d4747637b94db89996c9da113160eff2eee95c5528fb3abb7f85c2d7eb291c DISCKCODER debug build File size 536.5 KB (549376 bytes)
25. ae8a2eea804cdc233a518eead2a5e050189ba183548b73b85d97d66e8dbd3fd7 DISCKCODER debug build File size 536.5 KB (549376 bytes)
26. 3354967433417380fb34b1fd030f8a6aa4de4a6e2f4a69559d70be328283bc73 DISCKCODER debug build File size 536.5 KB (549376 bytes)
27. 1c6fdf8b58afb6e28934acc1bc7eb50a7713dc0aff1cc58d4b0bb5a3479beca1 DISCKCODER debug build File size 536.5 KB (549378 bytes)
28.  
29. VirusTotal
30. #BadRabbit #DROPPER
31. https://www.virustotal.com/en/file/630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da/analysis/
32. https://www.virustotal.com/en/file/8911fdb8c1ac8f6098057dfbbd77fc0c5e6a55a78d4a2f9701b965230ce32cf9/analysis/
33. https://www.virustotal.com/en/file/7160bd96104d2ff21d836e9585b8d869edcc0aa60ee84157b7670d9abb1cd785/analysis/
34. https://www.virustotal.com/en/file/5c3dc8a0c37c55af92336fde825e8280c6fd28c3f9fe69e61facb3b1da20c0df/analysis/
35. #BadRabbit #unpacked
36. https://www.virustotal.com/en/file/5c3dc8a0c37c55af92336fde825e8280c6fd28c3f9fe69e61facb3b1da20c0df/analysis/
37. #BadRabbit #PAYLOAD
38. https://www.virustotal.com/en/file/8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93/analysis/
39. https://www.virustotal.com/en/file/10e741ef66bdd9166434781d5a0ce465f50f270fdf538a351e91a5161458c888/analysis/
40. #BadRabbit Component diskcryptor drv
41. https://www.virustotal.com/en/file/682adcb55fe4649f7b22505a54a9dbc454b4090fc2bb84af7db5b0908f3b7806
42. https://www.virustotal.com/en/file/0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6/analysis/
43. #BadRabbit Component mimikatz
44. https://www.virustotal.com/en/file/2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035/analysis/
45. https://www.virustotal.com/en/file/301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c/analysis/
46. #BadRabbit DISCKCODER debug build
47. https://www.virustotal.com/en/file/52d4747637b94db89996c9da113160eff2eee95c5528fb3abb7f85c2d7eb291c/analysis/
48. https://www.virustotal.com/en/file/ae8a2eea804cdc233a518eead2a5e050189ba183548b73b85d97d66e8dbd3fd7/analysis/
49. https://www.virustotal.com/en/file/3354967433417380fb34b1fd030f8a6aa4de4a6e2f4a69559d70be328283bc73/analysis/
50. https://www.virustotal.com/en/file/1c6fdf8b58afb6e28934acc1bc7eb50a7713dc0aff1cc58d4b0bb5a3479beca1/analysis/