General
Target: ZLe5gJKD.bat
Size: 193B
Sample: 191216-gz4p7974ja
MD5: 6e78ad45116b0543050facbe4f9d60ac
SHA1: d61528fca930f327547794415a9982370c404ff0
SHA256: 3848fd0472f033fb4f6002ef45238e4fa23b13b88e6c84b2c28299ffb3015676
SHA512: b6264000083c52c5a5d600716ad70df166dd67a45ab44e4e6ddd57d84a8a5b6b3dd66fa7a6736470ad8b60266c6b870381d3b67a913efdd75575d9fa198f256a

Task
Task: task1
Sample: ZLe5gJKD.bat
Resource: win7v191014

Malware Config
Extracted: http://185.103.242.78/pastes/ZLe5gJKD
Extracted: C:\118eyl-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/633E6F2DA8E250CB
http://decryptor.top/633E6F2DA8E250CB
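The reusable indicators in this report are the four file hashes, the ransom-note path and the two payment URLs, which both end in the same 16-hex-digit value 633E6F2DA8E250CB. The script below is an added example, not code from the report or from the sandbox vendor: it verifies a file against the listed hashes, recognises the note filename, and extracts the victim ID and hosts from note text. The note text is constructed (only its URL lines follow the report); the filename pattern and the "same ID on both URLs" rule are assumptions generalised from the single path and the two URLs on this page.

```python
"""IOC checks built from the fields of the sandbox report above.

Added example, not code from the report or the sandbox vendor. Values copied
from the report: the four hashes, the two ransom-note URLs and the note path.
Everything marked "assumption" is generalised beyond what the page shows.
"""
import hashlib
import re
from typing import Dict, List, Optional

# Hashes exactly as listed in the report's General/Targets sections.
REPORT_HASHES: Dict[str, str] = {
    "md5": "6e78ad45116b0543050facbe4f9d60ac",
    "sha1": "d61528fca930f327547794415a9982370c404ff0",
    "sha256": "3848fd0472f033fb4f6002ef45238e4fa23b13b88e6c84b2c28299ffb3015676",
    "sha512": "b6264000083c52c5a5d600716ad70df166dd67a45ab44e4e6ddd57d84a8a5b6b3"
              "dd66fa7a6736470ad8b60266c6b870381d3b67a913efdd75575d9fa198f256a",
}

# Both URLs in the extracted config end in the same 16-hex-digit value
# (633E6F2DA8E250CB). Assumption: that value is a per-victim ID and a genuine
# note carries it on both the .onion and the clearnet URL.
URL_RE = re.compile(r"https?://(?P<host>[a-z0-9.\-]+)/(?P<key>[0-9A-Fa-f]{16})\b",
                    re.IGNORECASE)

# Assumption: the note filename pattern is generalised from the single path on
# the page (C:\118eyl-readme.txt): a short alphanumeric prefix, then -readme.txt.
NOTE_NAME_RE = re.compile(r"^[0-9a-z]{4,10}-readme\.txt$", re.IGNORECASE)

# Constructed sample text, not the real note: only the URL lines follow the report.
CONSTRUCTED_NOTE = """Your files have been encrypted.
Open this address in the Tor Browser:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/633E6F2DA8E250CB
If the Tor address is unavailable use:
http://decryptor.top/633E6F2DA8E250CB
"""


def file_digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 of the bytes, lower-case hex, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest of `data` differs from `expected`.
    An empty list means `data` is the sample the report describes."""
    got = file_digests(data)
    return sorted(name for name, value in expected.items()
                  if got.get(name) != value.lower())


def is_ransom_note_name(path: str) -> bool:
    """True if the last path component looks like the report's <prefix>-readme.txt."""
    name = re.split(r"[\\/]", path)[-1]
    return NOTE_NAME_RE.match(name) is not None


def parse_ransom_note(text: str) -> Optional[dict]:
    """Pull the victim ID and payment hosts out of note text.

    Returns None when no URL-with-ID is present. `consistent` is True only when
    every URL carries the same ID and at least one host is a .onion address,
    which is the shape the extracted config on this page has."""
    ids: Dict[str, set] = {}
    for m in URL_RE.finditer(text):
        ids.setdefault(m.group("key").upper(), set()).add(m.group("host").lower())
    if not ids:
        return None
    hosts = sorted(h for hs in ids.values() for h in hs)
    if len(ids) != 1:
        # Two different IDs in one note: not the single-victim layout we expect.
        return {"victim_id": None, "hosts": hosts, "consistent": False}
    victim_id = next(iter(ids))
    return {"victim_id": victim_id, "hosts": hosts,
            "consistent": len(hosts) >= 2 and any(h.endswith(".onion") for h in hosts)}


if __name__ == "__main__":
    print(parse_ransom_note(CONSTRUCTED_NOTE))
    print(is_ransom_note_name(r"C:\118eyl-readme.txt"))
    # b"abc" is obviously not the 193-byte sample, so every digest differs.
    print(hash_mismatches(b"abc", REPORT_HASHES))
```

To check a file you actually have, read it as bytes and pass it to hash_mismatches with REPORT_HASHES; only an empty list identifies it as the 193-byte sample on this page. The note parser keys on the ID-bearing URLs rather than the note wording, which changes between builds.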
Targets
Target: ZLe5gJKD.bat
Size: 193B
MD5: 6e78ad45116b0543050facbe4f9d60ac
SHA1: d61528fca930f327547794415a9982370c404ff0
SHA256: 3848fd0472f033fb4f6002ef45238e4fa23b13b88e6c84b2c28299ffb3015676
SHA512: b6264000083c52c5a5d600716ad70df166dd67a45ab44e4e6ddd57d84a8a5b6b3dd66fa7a6736470ad8b60266c6b870381d3b67a913efdd75575d9fa198f256a

- Sodin,Sodinokibi,REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry. System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry