General
Target: ZrxYpNuy.bat
Size: 197B
Sample: 200101-gdmshj7yc6
MD5: a65f56e966943ef2d288e253e69aca40
SHA1: 66dc4965aeaa154350d7dc78be79b359a62ba985
SHA256: cc4308d9ba991039ebc6e0e8fbd42c941d669e4e71248290766da05390f18cff
SHA512: f25c21d2272f811fca8952928ed375b03ee2232700552f829a5e31ab219f0effe502ba979899d1e4685c00572d2e05e7095d9b722697507c279e2ea804280c6d
Tasks
Task: task1 | Sample: ZrxYpNuy.bat | Resource: win7v191014
Task: task2 | Sample: ZrxYpNuy.bat | Resource: win10v191014
Malware Config
Extracted URL: http://185.103.242.78/pastes/ZrxYpNuy
Extracted ransom note path: C:\wm4l3l0-readme.txt
Family: sodinokibi
Extracted URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BAD4040FE6406E97
Extracted URL: http://decryptor.top/BAD4040FE6406E97
Targets
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality
Signatures:
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry