General
Target: 4jD1biG2.bat
Size: 191B
Sample: 200210-ea6tglj89e
MD5: 6097db04a430a1a65515bae911e13c6e
SHA1: 41f39ba8f63c6ff8067348f596155beb32c45f17
SHA256: 5743310e1c2bd52d3abf50fa874a206e42a4aac4e182447e99f3cf32be4334ed
SHA512: 22fd4f652757e39fca2fa7b8a5d51cf951b76b200764b0ad45aa01cd38f9cbfb63df5542f08606fc198857cdecf1e4fd14d1cd005805203469b9dbb9a52ed777

Static task: static1

Behavioral task: behavioral1
Sample: 4jD1biG2.bat
Resource: win7v191014

Behavioral task: behavioral2
Sample: 4jD1biG2.bat
Resource: win10v191014

Malware Config
Extracted: http://185.103.242.78/pastes/4jD1biG2
Targets
Target: 4jD1biG2.bat
Size: 191B
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry