General
Target: Za3T5yJk.bat
Size: 196B
Sample: 191216-h9j8npa5yn
MD5: 46f394eb1e96a9e997df949bc0a77c7c
SHA1: c30408141672eb2dff2b270c60269e5ab8ea979a
SHA256: 5c782b58ddf8cc3df5b65372060b30f699e27c7a32adff8a14f826a49e0d7ac8
SHA512: bac8632610b6ce3c00122f667fc87252450a80cc718394987c1336c179f06ae5d73c420d0cbc0c3c2fe486d817cc875dcf57e79a56324e886b68eb586ae447ff
Task: task1
Sample: Za3T5yJk.bat
Resource: win7v191014
Malware Config
Extracted: http://185.103.242.78/pastes/Za3T5yJk
Extracted: C:\56820rse-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/87D82F91219E1402
http://decryptor.top/87D82F91219E1402
Targets
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry