General

Target: LzkNcv75.bat
Size: 192B
Sample: 191216-hbth798x4j
MD5: f12e57d2503bb305fca21321a799511d
SHA1: fb4a05bd282eed9bd3d41a81afb313a72613f2b0
SHA256: ceaa40264cb666d0b5eab3ed3492570aef8d3b8b87114a93236e714112c31355
SHA512: fb9488055867806721438509844bb61c0911a9a05b747cdc4a216847864220aeb5a34c68e7632705f33214923402a410dc4f10e6b73dffc951e68c6ff391b529
Task

task1
Sample: LzkNcv75.bat
Resource: win7v191014

Malware Config

Extracted from the batch file (download URL):
http://185.103.242.78/pastes/LzkNcv75

Extracted ransomware configuration:
Family: sodinokibi
Ransom note: C:\zvp605i-readme.txt
Ransom note URLs (Tor hidden service and its clearnet mirror, both keyed with the same victim ID):
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3F99AA4EF76BBB5D
http://decryptor.top/3F99AA4EF76BBB5D
Targets

Target: LzkNcv75.bat
Size: 192B
MD5, SHA1, SHA256, SHA512: as listed under General above
Signatures

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created with a parent other than the calling process (parent PID spoofing), which hides the real process lineage from tooling that relies on the parent/child relationship.
- Program crash
- Checks for installed software on the system
- Discovering connected drives
  Enumerating local and mapped drives is typical pre-encryption reconnaissance for ransomware.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  Ransomware commonly replaces the desktop wallpaper with its ransom message once encryption has finished.
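As an added example (this is not code from the sandbox or the report above), the following Python turns the extracted configuration and the behavioural signatures into a small detection check: it verifies a file's hashes against the four listed in the report, and it scans log lines for the download URL, the ransom note portal hosts, a dropped ransom note, a file dropped under System32, and a wallpaper change via the registry. The log lines and their format are constructed for the demonstration; the note-name pattern generalises the report's C:\zvp605i-readme.txt to REvil's usual random-prefix-readme.txt naming, which is an assumption beyond what the report itself states.

```python
"""IOC matcher built from the sandbox report above (added example, not the
sandbox's own code).

Assumptions, labelled: the log lines below are constructed and their layout
(proxy lines, Sysmon-like "EventID: N ... TargetFilename: ..." lines) is made
up for the demonstration. Only the hashes, URLs and note path come from the
report. NOTE_NAME_RE generalises the report's C:\\zvp605i-readme.txt to
REvil's usual <5-10 random chars>-readme.txt convention.
"""
import hashlib
import re

# Hashes and network/file IOCs copied from the report.
SAMPLE_HASHES = {
    "md5": "f12e57d2503bb305fca21321a799511d",
    "sha1": "fb4a05bd282eed9bd3d41a81afb313a72613f2b0",
    "sha256": "ceaa40264cb666d0b5eab3ed3492570aef8d3b8b87114a93236e714112c31355",
    "sha512": "fb9488055867806721438509844bb61c0911a9a05b747cdc4a216847864220ae"
              "b5a34c68e7632705f33214923402a410dc4f10e6b73dffc951e68c6ff391b529",
}
STAGE_URL = "http://185.103.242.78/pastes/LzkNcv75"
STAGE_HOST = "185.103.242.78"
NOTE_URL_HOSTS = (
    "aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion",
    "decryptor.top",
)

# Assumed generalisation of the note name: <5-10 lowercase alnum>-readme.txt
NOTE_NAME_RE = re.compile(r"(?i)(?:^|[\\/])[a-z0-9]{5,10}-readme\.txt$")
# Registry value behind the "Sets desktop wallpaper using registry" signature;
# hive prefix is ignored so HKCU and HKU\<SID> both match.
WALLPAPER_RE = re.compile(r"(?i)\\Control Panel\\Desktop\\Wallpaper\b")
TARGET_FILE_RE = re.compile(r"TargetFilename:\s*(\S+)")
SYSTEM32 = "c:\\windows\\system32\\"


def file_hashes(data: bytes) -> dict:
    """Hash a file's bytes with the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hashes_match(hashes: dict) -> bool:
    """True when every algorithm present in `hashes` equals the report's value.
    An empty dict (nothing to compare) is not a match."""
    common = [alg for alg in SAMPLE_HASHES if alg in hashes]
    return bool(common) and all(
        hashes[alg].lower() == SAMPLE_HASHES[alg] for alg in common
    )


def classify_line(line: str):
    """Map one log line to (indicator, detail), or None if nothing matches."""
    if STAGE_URL in line or STAGE_HOST in line:
        return ("stage_url", "contact with the host extracted from the batch file")
    if any(host in line for host in NOTE_URL_HOSTS):
        return ("ransom_note_url", "REvil decryptor portal host")
    m = TARGET_FILE_RE.search(line)
    if m:
        path = m.group(1)
        if NOTE_NAME_RE.search(path):
            return ("ransom_note_dropped", path)
        if path.lower().startswith(SYSTEM32):
            return ("dropped_in_system32", path)
    if "EventID: 13" in line and WALLPAPER_RE.search(line):
        return ("wallpaper_set", "desktop wallpaper changed via registry")
    return None


def scan(lines):
    """Return [(line_no, indicator, detail), ...] for every matching line."""
    hits = []
    for no, line in enumerate(lines, 1):
        result = classify_line(line)
        if result:
            hits.append((no,) + result)
    return hits


# Constructed log lines for the demonstration (not from the sandbox run).
SAMPLE_LOGS = [
    "2019-12-16 08:01:02 proxy src=10.0.0.5 GET http://185.103.242.78/pastes/LzkNcv75 200",
    "2019-12-16 08:02:10 sysmon EventID: 11 Image: C:\\Users\\Public\\x.exe TargetFilename: C:\\Windows\\System32\\dropped.bin",
    "2019-12-16 08:03:15 sysmon EventID: 11 Image: C:\\Users\\Public\\x.exe TargetFilename: C:\\zvp605i-readme.txt",
    "2019-12-16 08:03:16 sysmon EventID: 13 TargetObject: HKU\\S-1-5-21-1\\Control Panel\\Desktop\\Wallpaper Details: C:\\Users\\Public\\wall.bmp",
    "2019-12-16 08:04:00 proxy src=10.0.0.5 GET http://decryptor.top/3F99AA4EF76BBB5D 200",
    "2019-12-16 08:05:00 proxy src=10.0.0.9 GET http://example.com/readme.txt 200",
    "2019-12-16 08:06:00 sysmon EventID: 13 TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater Details: C:\\Program Files\\Updater\\u.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The hash check deliberately refuses an empty comparison so that a missing hash field cannot silently count as a match; the URL checks run before the file checks so a proxy line that happens to contain a path is attributed to the network indicator first.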