General
Target: SbbpUVLZ.bat
Size: 198B
Sample: 191216-sww42m789e
MD5: b831e77e31e8944c1121adfa2ea34746
SHA1: dbda47cca23dce93d69f4d12af7c690bd29f8442
SHA256: 600cfe34a4db54318db70d3cc036a50e63d7b7bb50f7f3983de8ef03c9f5d718
SHA512: b57067a88cb41efecbfaa07a258b40e52ad090f1d818ccf4b950aa1ce6939459549afe3fab16828ee9de8c523782838c7e5c0f214edd1d041859702c69edd158
Task: task1
Sample: SbbpUVLZ.bat
Resource: win7v191014
Malware Config
Extracted
http://185.103.242.78/pastes/SbbpUVLZ
Extracted
C:\8532gv9y-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D6FA3048D6662B83
http://decryptor.top/D6FA3048D6662B83
Targets
- Target: SbbpUVLZ.bat (198B; hashes as listed under General)
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry: System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Sets desktop wallpaper using registry