General
Target: G1fL5LrD.bat
Size: 196B
Sample: 191216-v74pfwl2na
MD5: 66ede842f8dc1f852114abf9ba07651a
SHA1: cbb018e1bf534f527b55e6cc691eeb495745c0d7
SHA256: a73b3dcc9803bbdf3c270d7aafa2fc0bdfb3d9792123539fa62c722af0995a54
SHA512: f1d7a175809019db1ae4a0b4f7fe5768b6c431096df48aed453e82e153c2d7cd410569da848a346b108b9bd12c375862edd10905e0463e788f3cb5dac39cb7d8

Task
Task: task1
Sample: G1fL5LrD.bat
Resource: win7v191014

Malware Config
Extracted: http://185.103.242.78/pastes/G1fL5LrD
Extracted: C:\oev944-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E0BC9C9BFB0E8575
http://decryptor.top/E0BC9C9BFB0E8575

Targets
Target: G1fL5LrD.bat (size 196B; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
Suspicious use of NtCreateUserProcessOtherParentProcess
Program crash
Adds Run entry to start application
Checks for installed software on the system
Discovering connected drives
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
Drops file in System32 directory
Sets desktop wallpaper using registry