General
Target: DeL27X4Q.bat
Size: 194B
Sample: 191216-e9a8fk11t6
MD5: 303e548c5add71a1424c0db22e8dba9a
SHA1: 35efd5dcb57d6e779d757eb2053fc1302e2f82c3
SHA256: 5e992a45564e3f6dd3ae2a7027a07afd4452e9ac58fe46b4bb0fe300849417ce
SHA512: 852e6140da4d270af3ed62eb76cf9dc325cd1fe4c62845d0c390b4ee0f1e6c50749b7cb4e9d66ca106446736eecb6ff1d126ded76ee135734007ba3fc8931931
Task
task1
Sample: DeL27X4Q.bat
Resource: win7v191014
Malware Config
Extracted (download URL used by the batch script): http://185.103.242.78/pastes/DeL27X4Q
Extracted (ransom note): C:\w6y6241-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F5AE2F84B6FAC163
http://decryptor.top/F5AE2F84B6FAC163
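The indicators above are the actionable part of this report: four file digests for the dropper and, from the ransom note, a victim key that appears in both payment URLs. The following script is an added example (not part of the sandbox report and not code from the malware) that turns them into a check a responder can run on a suspect host: it hashes a candidate file against the report's digests and walks a directory tree for ransom notes, pulling the victim key and payment URLs out of any it finds. Two things are assumptions not stated by the report: the note filename pattern generalises the single observed name `w6y6241-readme.txt` to `<extension>-readme.txt`, and the note text used in the demo is constructed, carrying only the two URLs the report lists.

```python
"""IOC check for the DeL27X4Q.bat / Sodinokibi sandbox report.

Added example, not part of the report. Matches a file against the
report's digests and scans a tree for Sodinokibi-style ransom notes.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "303e548c5add71a1424c0db22e8dba9a",
    "sha1": "35efd5dcb57d6e779d757eb2053fc1302e2f82c3",
    "sha256": "5e992a45564e3f6dd3ae2a7027a07afd4452e9ac58fe46b4bb0fe300849417ce",
    "sha512": "852e6140da4d270af3ed62eb76cf9dc325cd1fe4c62845d0c390b4ee0f1e6c50749b7cb4e9d66ca106446736eecb6ff1d126ded76ee135734007ba3fc8931931",
}

# Assumption: the report shows one note name, C:\w6y6241-readme.txt; this
# pattern generalises it to "<random extension>-readme.txt".
NOTE_NAME = re.compile(r"^[a-z0-9]{5,10}-readme\.txt$", re.IGNORECASE)

# Shapes of the two URLs in the extracted config: an .onion host or
# decryptor.top, followed by a 16-hex-digit victim key.
PAYMENT_URL = re.compile(
    r"https?://(?:[a-z2-7]+\.onion|decryptor\.top)/([0-9A-F]{16})",
    re.IGNORECASE,
)


def hash_file(path):
    """Return md5/sha1/sha256/sha512 of a file, streamed in 64 KiB chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(path):
    """True only if all four digests equal those in the report."""
    return hash_file(path) == REPORT_HASHES


def find_ransom_notes(root):
    """Walk root; return {note_path: {"keys": [...], "urls": [...]}}."""
    found = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not NOTE_NAME.match(name):
                continue
            note = Path(dirpath) / name
            text = note.read_text(errors="replace")
            hits = [(m.group(0), m.group(1)) for m in PAYMENT_URL.finditer(text)]
            found[str(note)] = {
                "keys": sorted({key for _, key in hits}),
                "urls": [url for url, _ in hits],
            }
    return found


def run_demo():
    """Constructed scenario in a temp dir; returns the check results."""
    root = Path(tempfile.mkdtemp(prefix="sodin_demo_"))
    # Constructed note text (not the real note) with the report's two URLs.
    note = root / "w6y6241-readme.txt"
    note.write_text(
        "Your files are encrypted with extension w6y6241.\n"
        "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F5AE2F84B6FAC163\n"
        "http://decryptor.top/F5AE2F84B6FAC163\n"
    )
    # Decoy that must not match the note pattern.
    (root / "readme.txt").write_text("nothing to see\n")
    # Stand-in file: not the sample, so the digest check must fail.
    stand_in = root / "DeL27X4Q.bat"
    stand_in.write_text("@echo off\r\n")
    notes = find_ransom_notes(root)
    return {
        "note_count": len(notes),
        "victim_keys": notes[str(note)]["keys"],
        "url_count": len(notes[str(note)]["urls"]),
        "hash_match": matches_report(stand_in),
        "sha256_of_stand_in": hash_file(stand_in)["sha256"],
    }


if __name__ == "__main__":
    print(run_demo())
```

A note whose URLs carry more than one key, or a tree with several differently named notes, is worth a closer look: Sodinokibi ties the key to the victim, so mixed keys suggest more than one infection.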
Targets
Target: DeL27X4Q.bat (size and digests as listed under General)
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality

Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess (process created under a spoofed parent)
Program crash
Checks for installed software on the system
Discovering connected drives
Checks system information in the registry (system information is often read in order to detect sandboxing environments)
Drops file in System32 directory
Sets desktop wallpaper using registry