General

Target: gUFmsNr9.bat
Size: 192B
Sample: 200101-rpqtg1ratx
MD5: ec0ca871ccc3ec9813ab3ae758f8eac0
SHA1: 367be798c0689623705fb87dbe00c45d3877d16c
SHA256: e43848480ada3d64317a1b5588e887d38eeef746d3ed3f7cfde1d2e5a5b5b099
SHA512: 1f62a6ef1198bdc2b3d2afabda7e8c741dbdf901d2719aa4c74be5e3645510853841ce8f233ec269cf7efa56f29a7017283783c73eb216fcb927ae4e889e279c

Tasks

Task: task1
Sample: gUFmsNr9.bat
Resource: win7v191014

Task: task2
Sample: gUFmsNr9.bat
Resource: win10v191014

Malware Config

Extracted: http://185.103.242.78/pastes/gUFmsNr9
Extracted: C:\929lr-readme.txt
Family: sodinokibi
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F944365DCEA7D292
URL: http://decryptor.top/F944365DCEA7D292

Targets

Target: gUFmsNr9.bat
Size: 192B
MD5: ec0ca871ccc3ec9813ab3ae758f8eac0
SHA1: 367be798c0689623705fb87dbe00c45d3877d16c
SHA256: e43848480ada3d64317a1b5588e887d38eeef746d3ed3f7cfde1d2e5a5b5b099
SHA512: 1f62a6ef1198bdc2b3d2afabda7e8c741dbdf901d2719aa4c74be5e3645510853841ce8f233ec269cf7efa56f29a7017283783c73eb216fcb927ae4e889e279c
Score: 10/10

Signatures

Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality
Program crash
Discovering connected drives
Drops file in System32 directory
Sets desktop wallpaper using registry