General
Target: 3yFsXBJM.bat
Size: 194B
Sample: 200103-5bbywmjlze
MD5: 352663e27cd6d2471f0bffbb78b15343
SHA1: 54580df6d37776d54645850dfc10898d51fa4719
SHA256: 504dec8fcbb3fb46037b86882c6760e22e3e0ebafdbc4dca3df3101102dcdf15
SHA512: e4eda672ee4b02cd9001f118d30daca0a5d9eb65ae71e6648322237da0eedf88d6ff461b630a5b5ad951227c35f39ab8188a760212f8fc6b60001e2e3df2021a
Task: task1
Sample: 3yFsXBJM.bat
Resource: win7v191014
Task: task2
Sample: 3yFsXBJM.bat
Resource: win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/3yFsXBJM
Extracted: C:\nyu2d5f75-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/03460156E7C74522
http://decryptor.top/03460156E7C74522
Targets
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry