General
-
Target
pRGiJZE2.bat
-
Size
189B
-
Sample
191216-m49vymh516
-
MD5
7de4a8d57db460ef3d2d733558cd5874
-
SHA1
47500e03b81c3a18d8d79769c082a76cbb1566dd
-
SHA256
2d37f42015e8465ca0b781a56385c0b4a90e131b8a7fef6fa43afb8e7821f662
-
SHA512
b1df3f38def62aa84c48579afe78f1282dc8c1a88172cf6f93642897b98b55f2b312c88391a4709744d04470f3e3f467320974ac8c45d3b3ddd9caca565c23d6
Task
task1
Sample
pRGiJZE2.bat
Resource
win7v191014
Malware Config
Extracted
http://185.103.242.78/pastes/pRGiJZE2
Extracted
C:\dqjmu8-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2890C6739DAB4D4D
http://decryptor.top/2890C6739DAB4D4D
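Added example, not part of this report or of the sandbox's own tooling: a small Python matcher that takes the indicators extracted above (the paste URL, the ransom note path, the onion/decryptor URLs and the sample hashes) and scans log lines for them. The log lines are constructed here for illustration, the function names are this example's own, and the generalised "<ext>-readme.txt" note-name pattern is an assumption based on the single dqjmu8 instance shown in the report. Hosts are matched separately from full URLs because the paste path and the victim ID in the onion/decryptor URLs change per sample while the hosts tend not to.

```python
"""Match the indicators from the report against log lines (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the "Malware Config" and hash sections of the report.
IOC_URLS = {
    "http://185.103.242.78/pastes/pRGiJZE2",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2890C6739DAB4D4D",
    "http://decryptor.top/2890C6739DAB4D4D",
}
IOC_NOTE_PATH = r"C:\dqjmu8-readme.txt"
IOC_HASHES = {
    "md5": "7de4a8d57db460ef3d2d733558cd5874",
    "sha1": "47500e03b81c3a18d8d79769c082a76cbb1566dd",
    "sha256": "2d37f42015e8465ca0b781a56385c0b4a90e131b8a7fef6fa43afb8e7821f662",
}

# Host-level indicators derived from the URLs: the paste path and the
# victim ID in the .onion / decryptor.top URLs vary, the hosts are stabler.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}

# Assumption: the note name "<ext>-readme.txt" generalises to other random
# extensions; the report only shows the dqjmu8 instance.
NOTE_NAME_RE = re.compile(r"\b[a-z0-9]{4,10}-readme\.txt\b", re.IGNORECASE)


def match_line(line: str) -> list:
    """Return sorted (indicator_type, value) pairs found in one log line."""
    hits = []
    low = line.lower()
    for url in IOC_URLS:
        if url.lower() in low:
            hits.append(("url", url))
    for host in IOC_HOSTS:
        if host in low:
            hits.append(("host", host))
    if IOC_NOTE_PATH.lower() in low:
        hits.append(("note_path", IOC_NOTE_PATH))
    else:
        m = NOTE_NAME_RE.search(line)
        if m:
            hits.append(("note_name", m.group(0)))
    for digest in IOC_HASHES.values():
        if digest in low:
            hits.append(("hash", digest))
    return sorted(hits)


def scan(lines) -> list:
    """Return (line_index, hits) for every line with at least one hit."""
    out = []
    for i, line in enumerate(lines):
        hits = match_line(line)
        if hits:
            out.append((i, hits))
    return out


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for a file's contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding hash in the report."""
    digests = hash_bytes(data)
    return any(digests[algo] == IOC_HASHES[algo] for algo in IOC_HASHES)


# Constructed log lines (not from the report): a proxy access line, a
# file-create event, a DNS query and one benign request.
CONSTRUCTED_LOGS = [
    "1576500001.123 312 10.0.0.17 TCP_MISS/200 1844 GET "
    "http://185.103.242.78/pastes/pRGiJZE2 - HIER_DIRECT/185.103.242.78 text/plain",
    "Event 11 FileCreate Image=C:\\Windows\\explorer.exe TargetFilename=C:\\dqjmu8-readme.txt",
    "dns query A decryptor.top from 10.0.0.17",
    "1576500002.000 120 10.0.0.18 TCP_MISS/200 5120 GET "
    "http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    for idx, hits in scan(CONSTRUCTED_LOGS):
        print(idx, hits)
    print("known sample:", is_known_sample(b"@echo off\r\n"))
```

The .onion host will never show up in DNS logs (it resolves only inside Tor), so for that indicator the useful signal is Tor traffic from the host itself or the note-name pattern on disk; the hash check is only meaningful against the original 189-byte .bat, since the payload it fetches from the paste is not in this report.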
Targets
-
-
Target
pRGiJZE2.bat
-
Size
189B
-
MD5
7de4a8d57db460ef3d2d733558cd5874
-
SHA1
47500e03b81c3a18d8d79769c082a76cbb1566dd
-
SHA256
2d37f42015e8465ca0b781a56385c0b4a90e131b8a7fef6fa43afb8e7821f662
-
SHA512
b1df3f38def62aa84c48579afe78f1282dc8c1a88172cf6f93642897b98b55f2b312c88391a4709744d04470f3e3f467320974ac8c45d3b3ddd9caca565c23d6
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Program crash
-
Checks for installed software on the system
-
Discovering connected drives
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-