General
- Target: 8rMenRPf.bat
- Size: 189B
- Sample: 191216-2a3hbnxk4x
- MD5: 815c5b6000d8343fd01e383228b5f41f
- SHA1: a04e90b2010b425498e5af5b5ac3cf2ee1d49570
- SHA256: e4791efeba8103817e68714fd67ad9bcfd188a0e9bbf67bca422fb5554ac4165
- SHA512: 117f10de8423e13aefc5ea29f029f4dd6e39d4b2fab2c987ec769def107ce2ac619a342ff3a75cb431717fec53f60d247be9e83a61b8568045cefd534dd245db
Task: task1
- Sample: 8rMenRPf.bat
- Resource: win7v191014
Malware Config
- Extracted: http://185.103.242.78/pastes/8rMenRPf
- Extracted: C:\dipl0cdxrh-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D4C71D26E67F8702
  http://decryptor.top/D4C71D26E67F8702
Targets
- Target: 8rMenRPf.bat
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry: System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry