General
Target: j6tiKu2h.bat
Size: 197B
Sample: 200210-cj8nlrxwk6
MD5: 050369defab123655788bb4b8aab241f
SHA1: 807cb1878569950049819f6a8122a760bf41624c
SHA256: 5ce9cc906365d7b8b504d946dd31f3a37c290972ad6966972689524abaa6d12a
SHA512: 55df33527936776d38b1a893f6e6f621eca96dad1b2d90903213697b7a0d50e274212818b20c06e00fb8d597a11231d6181d53d605e9d0c5b1983d034bf73026
Static task: static1
Behavioral task: behavioral1 (sample j6tiKu2h.bat, resource win7v191014)
Behavioral task: behavioral2 (sample j6tiKu2h.bat, resource win10v191014)
Malware Config
Extracted: http://185.103.242.78/pastes/j6tiKu2h
Targets
Target: j6tiKu2h.bat
Size: 197B (MD5, SHA1, SHA256 and SHA512 as listed under General)
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry
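As an added example that is not part of this sandbox report, the following Python turns the report's indicators (the file hashes, the extracted URL and the signature hits for outbound connections from a script host, a wallpaper change via the registry, and a file dropped under System32) into checks that can be run over host telemetry. The event dictionaries are a constructed, simplified stand-in for Sysmon event fields, the script-host image list and the sample event values are assumptions, and nothing here reproduces the content of j6tiKu2h.bat itself.

```python
"""Added example (not from the sandbox report): match constructed
Sysmon-style events and file hashes against the indicators this report
lists. Event shapes, field names and the sample events are assumptions."""
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the report.
SAMPLE_MD5 = "050369defab123655788bb4b8aab241f"
SAMPLE_SHA256 = "5ce9cc906365d7b8b504d946dd31f3a37c290972ad6966972689524abaa6d12a"
C2_URL = "http://185.103.242.78/pastes/j6tiKu2h"
C2_HOST = urlsplit(C2_URL).hostname  # "185.103.242.78"

# Interpreter/script-host images that should not normally initiate outbound
# connections or write into System32 (assumed list, not from the report).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_report(data: bytes) -> bool:
    """True only if both the MD5 and SHA256 equal the report's values."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and sha256_hex(data) == SAMPLE_SHA256)


def image_name(path: str) -> str:
    """Basename of a Windows image path, lowercased for comparison."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_public(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def check_event(ev: dict) -> list:
    """Return (rule, detail) hits for one simplified event record."""
    hits = []
    kind = ev.get("event")
    if kind == "network_connect":
        img = image_name(ev["image"])
        dst = ev.get("dest_ip", "")
        if dst == C2_HOST:
            hits.append(("known_c2_ip", f"{img} -> {dst}"))
        if img in SCRIPT_HOSTS and is_public(dst):
            hits.append(("script_host_outbound", f"{img} -> {dst}:{ev.get('dest_port')}"))
    elif kind == "registry_set":
        # Sysmon reports the key as HKU\<SID>\Control Panel\Desktop\Wallpaper.
        if ev["target"].lower().endswith("\\control panel\\desktop\\wallpaper"):
            hits.append(("wallpaper_changed", f"{image_name(ev['image'])} set {ev['target']}"))
    elif kind == "file_create":
        img = image_name(ev["image"])
        if img in SCRIPT_HOSTS and "\\windows\\system32\\" in ev["target"].lower():
            hits.append(("script_host_writes_system32", f"{img} wrote {ev['target']}"))
    return hits


def run_detections(events: list) -> list:
    """Flatten hits over a sequence of events, preserving event order."""
    return [hit for ev in events for hit in check_event(ev)]


# Constructed sample events (not real telemetry from the sandbox runs).
SAMPLE_EVENTS = [
    {"event": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Users\user\Desktop\j6tiKu2h.bat"'},
    {"event": "network_connect", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_ip": "185.103.242.78", "dest_port": 80},
    {"event": "network_connect", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_ip": "93.184.216.34", "dest_port": 443},
    {"event": "network_connect", "image": r"C:\Windows\System32\cmd.exe",
     "dest_ip": "10.0.0.5", "dest_port": 445},
    {"event": "registry_set", "image": r"C:\Users\user\AppData\Local\Temp\payload.exe",
     "target": r"HKU\S-1-5-21-1-1-1-1001\Control Panel\Desktop\Wallpaper"},
    {"event": "file_create", "image": r"C:\Windows\System32\cmd.exe",
     "target": r"C:\Windows\System32\dropped.tmp"},
]

if __name__ == "__main__":
    for rule, detail in run_detections(SAMPLE_EVENTS):
        print(f"{rule:28s} {detail}")
    print("placeholder bytes match report hashes:", matches_report(b"@echo off\r\n"))
```

The private-address filter keeps a script host talking to an internal share from firing the outbound rule, while the C2 check fires regardless of the process so the extracted URL's host is caught even if a different image retrieves it.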