General
Target: phS7sDeA.bat
Size: 189 B
Sample: 191225-l9n5txl4f2
MD5: 739ed59779986e9ce7401753ff7b9213
SHA1: 6898185ac808e53a4b559399ab0398d1bf03f1a4
SHA256: 0d92c7aceb162dd4ca758f9336c3b8ddcfb23ddf8401d5e0512fc8475dbdf629
SHA512: bce4e2227738b03007fdbad88bd46b8cf725b16921a6ddda0f6c42d0ac95f4d000f7d7a9ddfae7c40fc08f5cc6b3aaf852dbbdf3541429fd4448a6f8efef778b
Tasks
task1: phS7sDeA.bat on win7v191014
task2: phS7sDeA.bat on win10v191014
Malware Config
Extracted URL: http://185.103.242.78/pastes/phS7sDeA
Extracted family config: sodinokibi
Ransom note path: C:\mm7rg-readme.txt
Tor URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/55E8C7ABB7EBAF59
Clearnet URL: http://decryptor.top/55E8C7ABB7EBAF59
Targets
Target: phS7sDeA.bat (189 B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Family: Sodin / Sodinokibi / REvil
Description: Ransomware with advanced anti-analysis and privilege-escalation functionality.
Signatures:
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry
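The hashes under General and the ransom-note path and decryptor URLs under Malware Config are the indicators a responder would actually use. The following added example (written for this page, not part of the sandbox output or the malware) turns them into an offline triage helper: it verifies a file on disk against the report's SHA256, walks a directory tree for files named like the note seen here (the `<extension>-readme.txt` pattern is generalised from the single path `C:\mm7rg-readme.txt`, which is an assumption), and pulls the .onion/decryptor.top URLs and the victim ID `55E8C7ABB7EBAF59` out of each note. The function names and the note body used for the self-test are constructed for this example; only the hashes and URLs are from the report.

```python
"""Offline triage helper for the indicators in this Sodinokibi report.

Added example; not part of the sandbox report or the sample.
"""
import hashlib
import os
import re
import tempfile

# Indicators copied verbatim from the report.
SAMPLE_HASHES = {
    "md5": "739ed59779986e9ce7401753ff7b9213",
    "sha1": "6898185ac808e53a4b559399ab0398d1bf03f1a4",
    "sha256": "0d92c7aceb162dd4ca758f9336c3b8ddcfb23ddf8401d5e0512fc8475dbdf629",
}
PASTE_URL = "http://185.103.242.78/pastes/phS7sDeA"
VICTIM_ID = "55E8C7ABB7EBAF59"

# Note file name: random extension then "-readme.txt". This generalises the
# one path in the report (C:\mm7rg-readme.txt) and is an assumption.
NOTE_NAME_RE = re.compile(r"^[0-9a-z]+-readme\.txt$", re.IGNORECASE)
# Both decryptor URLs in the report carry the victim ID as the path component.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion/([0-9A-F]+)", re.IGNORECASE)
CLEARNET_RE = re.compile(r"https?://decryptor\.top/([0-9A-F]+)", re.IGNORECASE)


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of a file, streamed in 64 KiB chunks."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(path):
    """True if the file on disk is the sample from this report (SHA256 match)."""
    return hash_file(path)["sha256"] == SAMPLE_HASHES["sha256"]


def parse_ransom_note(text):
    """Extract decryptor URLs and victim IDs from a ransom-note body."""
    tor_urls, clear_urls, ids = [], [], set()
    for m in ONION_RE.finditer(text):
        tor_urls.append(m.group(0))
        ids.add(m.group(1).upper())
    for m in CLEARNET_RE.finditer(text):
        clear_urls.append(m.group(0))
        ids.add(m.group(1).upper())
    return {
        "tor_urls": tor_urls,
        "clearnet_urls": clear_urls,
        "victim_ids": sorted(ids),
        "known_victim": VICTIM_ID in ids,  # same victim ID as this report
    }


def find_ransom_notes(root):
    """Walk a tree and parse every file whose name matches the note pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if NOTE_NAME_RE.match(name):
                path = os.path.join(dirpath, name)
                with open(path, "r", errors="replace") as fh:
                    hits.append((path, parse_ransom_note(fh.read())))
    return hits


# Constructed note body for offline use: only the two URLs are from the
# report; the surrounding wording is made up and is not the real note text.
SAMPLE_NOTE = (
    "[constructed example text] Your files are encrypted.\n"
    "Tor: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/55E8C7ABB7EBAF59\n"
    "Secondary: http://decryptor.top/55E8C7ABB7EBAF59\n"
)


def build_demo_tree():
    """Create a temp tree with one constructed note and one benign file.

    Returns (root, note_path, benign_path) so callers can exercise the helpers.
    """
    root = tempfile.mkdtemp(prefix="sodin-triage-")
    note_path = os.path.join(root, "mm7rg-readme.txt")  # name from the report
    with open(note_path, "w") as fh:
        fh.write(SAMPLE_NOTE)
    benign_path = os.path.join(root, "hello.bin")
    with open(benign_path, "wb") as fh:
        fh.write(b"hello")  # known test vector, not the sample
    return root, note_path, benign_path


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()[0]
    for path, info in find_ransom_notes(root):
        print(path, info)
```

Run it with a mounted image or share as the argument (`python triage.py D:\`) to list every note and whether it carries this report's victim ID; with no argument it builds a throwaway tree and parses the constructed note. The SHA256 comparison is the one to trust for identity; the paste URL and IP are kept only as network indicators to search for in proxy or DNS logs.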