General
Target: p9h3W74a.bat
Size: 189B
Sample: 200106-qdgvvy7lle
MD5: a07cd4b93a2d88d0b25de2f0001456c0
SHA1: 3899ce3244d184cf745f92eb25e02e21c062c3bf
SHA256: 9a95de86c43fbd364f77ec7ad773847ebf56d1388490861c7ae7d811e79b219c
SHA512: e2fafab31f4756d7697e3d23c6fd7bfa4874505a8d6442d5edc55899fe848062a70b88b9295295adcd3a5cc4b97722c3e1d418f2495e6067d2307ce11a2a3d84
Tasks
task1: sample p9h3W74a.bat, resource win7v191014
task2: sample p9h3W74a.bat, resource win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/p9h3W74a
Extracted: C:\7uzc61hm-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/03460156E7C74522
http://decryptor.top/03460156E7C74522
Targets
Target: p9h3W74a.bat
Size: 189B
(MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Score: 10/10
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry