General

Target: YjMJd0LZ.bat
Size: 196B
Sample: 191216-md9taqrxs2
MD5: ea83bac8ab910d95964fe3b27f75b1e5
SHA1: aa6df9abe565ee1c5f2429d1abe1c771458374e4
SHA256: 36a5dfd5cdbe533f51c1aa94a69718240e70670d88d90827b7930fb49023a8e8
SHA512: 09d08aa66e57af9608fd30abbe1287762e2332f9cf55068afde87b4a627686e81df84df1696722c5bd3aeec44547b5b759b81535615d77209074c1cd7f6452a2

Task: task1
Sample: YjMJd0LZ.bat
Resource: win7v191014

Malware Config

Extracted: http://185.103.242.78/pastes/YjMJd0LZ
Extracted: C:\7107r5v5d4-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C9F148270743E1EA
  http://decryptor.top/C9F148270743E1EA

Targets

Target: YjMJd0LZ.bat
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Adds Run entry to start application
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry