General
Target: UAgNLfZr.bat
Size: 193B
Sample: 200101-yym9p86agj
MD5: 966551082b89c957f76eaa6139141f07
SHA1: ac01b92b035f445c673036511fb2bf7ee93269f8
SHA256: 4f95f0ebcf04be51de7452dd9607aa1e7fa640e9c93c13ef213d18518aa22d37
SHA512: 3c2964c148d47cbaefa362f5dd7536fcc475abc508545775fc65a1f5b0248143e4a7b904a6498e6865f9acfeda21ab9addcbc92618d25087b9a70fb9c6dbd9d8
Tasks
Task: task1, Sample: UAgNLfZr.bat, Resource: win7v191014
Task: task2, Sample: UAgNLfZr.bat, Resource: win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/UAgNLfZr
Extracted: C:\u6nzwn9a5i-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6FC6AEAC658ED5AB
http://decryptor.top/6FC6AEAC658ED5AB
Targets
Target: UAgNLfZr.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
Signatures:
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry