General
Target: Dt2NFbUW.bat
Size: 198B
Sample: 200101-xdjkryzdk2
MD5: 973cddb2b71bb9827a2df560d75af93e
SHA1: 8559341e73f0a51418fae343f5a597fae5bfd98d
SHA256: 0d14e2a78d12efbb31930c5dd64b18c68e4918210d071ea300fdbfb20f0d0bbc
SHA512: d0808c5a8648a9dee3f98f83c0dfbcd433f84912a043fd0fc8f39bf29d3f3594e9b2a288933339d76f6dcbc178867fc52ce196e236debe570a1e2451783f7ecc
Tasks
task1: Sample Dt2NFbUW.bat, Resource win7v191014
task2: Sample Dt2NFbUW.bat, Resource win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/Dt2NFbUW
Extracted: C:\7qoiz422f-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0334E33A2BB9B1E6
http://decryptor.top/0334E33A2BB9B1E6
Targets
Target: Dt2NFbUW.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry