General
Target: gUSgtEef.bat
Size: 195B
Sample: 191216-ev456tmrps
MD5: ff78055026f05e5b91c3023b89ac2678
SHA1: 5b8e27b16e0c2a25eca094ebaf99097c69d571c5
SHA256: 39d40bbbb11f2740a51d0c80e16c0b1896acf377b5ab45497c8b91efc365d1d3
SHA512: 7ffc3fe86b9f8c48094e16d853bdb95cb24073a48dd53ced412f3e8dc131c4fd1ed46310b5291063911768d906eb3153d6f281734ae537d366d511c01b391d2e
Task: task1
Sample: gUSgtEef.bat
Resource: win7v191014 (Windows 7 analysis VM)
Malware Config
Extracted URL: http://185.103.242.78/pastes/gUSgtEef
(The report does not show the batch file's contents; given that the sample is only 195 bytes and the path segment matches the sample name, this paste-style URL is most plausibly where the next stage is fetched from. That is an inference, not something the report states.)
Extracted ransom note: C:\5u85663-readme.txt
(Sodinokibi names its note <ext>-readme.txt, where <ext> is the pseudo-random extension appended to encrypted files, so files encrypted in this run carry the extension .5u85663.)
Family: sodinokibi
Decryptor URLs (the trailing path segment BFC8D962D0767B2E is the per-victim identifier):
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BFC8D962D0767B2E
http://decryptor.top/BFC8D962D0767B2E
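The following is an added example, not part of the sandbox report: a small triage helper that turns the report's indicators (the four hashes, the ransom-note path and the two decryptor URLs) into checks a responder can run against a suspect host. The note text and the file lists inside it are constructed for the example; the regular expressions for the note name and the decryptor URL are assumptions based on Sodinokibi's <ext>-readme.txt naming and the URL shape shown in the report.

```python
"""Added example, not part of the sandbox report: triage helpers built
from the report's extracted configuration and hashes.

Only the hashes, the ransom-note path and the two decryptor URLs come from
the report; the note text and file lists below are constructed."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# From the report's General section.
REPORTED_HASHES = {
    "md5": "ff78055026f05e5b91c3023b89ac2678",
    "sha1": "5b8e27b16e0c2a25eca094ebaf99097c69d571c5",
    "sha256": "39d40bbbb11f2740a51d0c80e16c0b1896acf377b5ab45497c8b91efc365d1d3",
    "sha512": "7ffc3fe86b9f8c48094e16d853bdb95cb24073a48dd53ced412f3e8dc131c4fd"
              "1ed46310b5291063911768d906eb3153d6f281734ae537d366d511c01b391d2e",
}
# From the report's Malware Config section.
REPORTED_NOTE_PATH = r"C:\5u85663-readme.txt"
REPORTED_URLS = {
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BFC8D962D0767B2E",
    "http://decryptor.top/BFC8D962D0767B2E",
}

# Sodinokibi names its note "<ext>-readme.txt", where <ext> is the
# pseudo-random extension it appends to every file it encrypts (assumed pattern).
NOTE_NAME_RE = re.compile(r"^(?P<ext>[a-z0-9]{4,10})-readme\.txt$", re.IGNORECASE)
# Tor (v3, 56-char base32) or clearnet decryptor URL ending in the victim ID.
DECRYPTOR_URL_RE = re.compile(
    r"http://(?:[a-z2-7]{56}\.onion|decryptor\.top)/(?P<uid>[0-9A-F]{16})\b",
    re.IGNORECASE,
)


@dataclass
class NoteIndicators:
    extension: str        # extension appended to encrypted files
    urls: Set[str]        # decryptor URLs found in the note
    victim_ids: Set[str]  # trailing path component of those URLs


def matches_reported_sample(data: bytes) -> Dict[str, bool]:
    """Compare a candidate file's digests with the hashes in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORTED_HASHES.items()}


def note_extension(path: str) -> Optional[str]:
    """Encrypted-file extension implied by a ransom-note path, or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    match = NOTE_NAME_RE.match(name)
    return match.group("ext") if match else None


def parse_note(path: str, text: str) -> Optional[NoteIndicators]:
    """Pull the per-victim indicators out of a note found at `path`."""
    ext = note_extension(path)
    if ext is None:
        return None
    found = list(DECRYPTOR_URL_RE.finditer(text))
    return NoteIndicators(
        extension=ext,
        urls={m.group(0) for m in found},
        victim_ids={m.group("uid").upper() for m in found},
    )


def encrypted_files(paths: List[str], ext: str) -> List[str]:
    """Files in `paths` carrying the ransomware extension, e.g. report.docx.5u85663."""
    suffix = "." + ext.lower()
    return [p for p in paths if p.lower().endswith(suffix)]


# Constructed sample note text (not the real note; only the URLs are the report's).
SAMPLE_NOTE_TEXT = (
    "Your files are encrypted.\n"
    "Tor: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BFC8D962D0767B2E\n"
    "Mirror: http://decryptor.top/BFC8D962D0767B2E\n"
)

if __name__ == "__main__":
    ind = parse_note(REPORTED_NOTE_PATH, SAMPLE_NOTE_TEXT)
    print("extension:", ind.extension, "victim ids:", ind.victim_ids)
    print(encrypted_files(["a.docx.5u85663", "b.xlsx", "c.JPG.5U85663"], ind.extension))
```

The victim ID is what ties a note found on a host back to this exact run: two machines hit by the same campaign but with different IDs belong to different infections, while a note carrying BFC8D962D0767B2E is this one.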
Targets
Target: gUSgtEef.bat (195B; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures
Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.
Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created with a parent other than the calling process (parent PID spoofing through the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute), so the parent recorded for the new process does not reflect who actually launched it.
Program crash: one of the processes in the task terminated abnormally.
Checks for installed software on the system
Discovering connected drives: enumerating attached volumes, consistent with the ransomware locating drives to encrypt.
Checks system information in the registry: system information is often read in order to detect sandboxing environments.
Drops file in System32 directory
Sets desktop wallpaper using registry: consistent with Sodinokibi replacing the desktop background with its ransom message.
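An added example (not from the sandbox report) of why the NtCreateUserProcessOtherParentProcess signature matters for detection: it reconstructs the process tree twice, once from the parent each process claims and once from the process that actually made the creation call. The events, PIDs and image names are constructed for the example. It assumes a telemetry source that records both the calling process and the parent written into the new process; the kernel's PS_CREATE_NOTIFY_INFO exposes both (ParentProcessId versus CreatingThreadId), whereas a log that only keeps the parent field shows the spoofed value.

```python
"""Added example (not from the sandbox report): surfacing parent PID spoofing.

Each event records the process whose thread called NtCreateUserProcess and
the parent recorded on the new process. The two differ exactly when the
caller supplied PROC_THREAD_ATTRIBUTE_PARENT_PROCESS pointing elsewhere.
All PIDs and image names below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class CreateEvent:
    caller_pid: int          # process whose thread called NtCreateUserProcess
    child_pid: int           # PID of the new process
    claimed_parent_pid: int  # parent recorded on the new process (spoofable)
    child_image: str


# Constructed process-creation events (hypothetical PIDs and image names).
SAMPLE_EVENTS: List[CreateEvent] = [
    CreateEvent(600, 1200, 600, "cmd.exe"),           # explorer runs the .bat
    CreateEvent(1200, 1300, 1200, "powershell.exe"),  # ordinary creation
    CreateEvent(1300, 1400, 600, "payload.exe"),      # claims explorer as parent
    CreateEvent(1400, 1500, 1400, "payload.exe"),     # ordinary creation
]
IMAGES: Dict[int, str] = {600: "explorer.exe"}
IMAGES.update({e.child_pid: e.child_image for e in SAMPLE_EVENTS})


def spoofed_parents(events: List[CreateEvent]) -> List[Tuple[int, int, int]]:
    """(child, claimed parent, actual creator) for every mismatching event."""
    return [(e.child_pid, e.claimed_parent_pid, e.caller_pid)
            for e in events if e.claimed_parent_pid != e.caller_pid]


def ancestry(events: List[CreateEvent], pid: int, actual: bool) -> List[str]:
    """Image-name chain from `pid` up to the root, following the real creator
    (actual=True) or the parent each process claims (actual=False)."""
    parent_of = {e.child_pid: (e.caller_pid if actual else e.claimed_parent_pid)
                 for e in events}
    chain: List[str] = []
    seen = set()
    while pid in parent_of and pid not in seen:  # `seen` guards against PID reuse loops
        seen.add(pid)
        chain.append(IMAGES.get(pid, str(pid)))
        pid = parent_of[pid]
    chain.append(IMAGES.get(pid, str(pid)))
    return chain


if __name__ == "__main__":
    for child, claimed, actual in spoofed_parents(SAMPLE_EVENTS):
        print(f"pid {child} claims parent {claimed} but was created by {actual}")
    print("claimed :", " <- ".join(ancestry(SAMPLE_EVENTS, 1500, actual=False)))
    print("actual  :", " <- ".join(ancestry(SAMPLE_EVENTS, 1500, actual=True)))
```

The claimed chain for the final process stops at explorer.exe and looks like a user double-clicking something; the actual chain runs through cmd.exe and powershell.exe, which is the lineage a "script host spawned an executable" rule would catch. A detection built only on the recorded parent field loses that signal, which is why the sandbox flags the creation call itself.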