General
Target: eS3LEzgJ.bat
Size: 196B
Sample: 191216-87thmf9mhs
MD5: 4759c162d886ac609edbbdf3f4dc7297
SHA1: 595255da1663d4d97dff4fb62729c24de46d5f9f
SHA256: c0fe6faa05b37d2a0464a4b68fd986229cd2bdc8f0441dd447fe225f03826388
SHA512: f16cd0dc697a2afcbeb1001255d19d0236eeeb9f2dfd5202f9dab4364504d11e1bfae8b4c845c5be10a6cf478a1670eabceb9b311303330473aa32c45b203d9a
Task: task1
Sample: eS3LEzgJ.bat
Resource: win7v191014
Malware Config
Extracted: http://185.103.242.78/pastes/eS3LEzgJ
Extracted: C:\5itcc8u855-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2AECAA3C385BA7A3
http://decryptor.top/2AECAA3C385BA7A3
Targets
Target: eS3LEzgJ.bat
Size: 196B
MD5: 4759c162d886ac609edbbdf3f4dc7297
SHA1: 595255da1663d4d97dff4fb62729c24de46d5f9f
SHA256: c0fe6faa05b37d2a0464a4b68fd986229cd2bdc8f0441dd447fe225f03826388
SHA512: f16cd0dc697a2afcbeb1001255d19d0236eeeb9f2dfd5202f9dab4364504d11e1bfae8b4c845c5be10a6cf478a1670eabceb9b311303330473aa32c45b203d9a
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Adds Run entry to start application
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry