General
Target: KMEknABL.bat
Size: 195B
Sample: 200101-l8648xkvye
MD5: b31aeb87df5a931d437ea87673c47056
SHA1: f00e5818beaa44176fa1799aba328098e65e45e2
SHA256: 85fa65ad29ef62077ff5fbb0289138bfa40467a804a5a73eecd2d25ad9db1ccf
SHA512: 817d539f853cbd09f94dbba112f0a973ea4a6a9078b40faaf9c75d39c3906d8ea3be1b9e6ed15a7fc841a84a44af98dc2ea15b8522e448dd52a02f26a96e71c9
Tasks
task1: Sample KMEknABL.bat, Resource win7v191014
task2: Sample KMEknABL.bat, Resource win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/KMEknABL
Extracted: C:\93zefhpw8s-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/03460156E7C74522
http://decryptor.top/03460156E7C74522
Targets
Target: KMEknABL.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry