General
Target: hvQ21ebW.bat
Size: 191B
Sample: 200210-zhad2w5n5s
MD5: 7eb2eb2bf474386d8d7eef5ee2aaf3ef
SHA1: c9789a38150044b9ca8a4b9d350df691611f1861
SHA256: 29b2a12ef2c75d6bb1bdbb4536e478a386dc4082a0756adc219bbd25c724bd1c
SHA512: 827139be92e830cc7e7d6ac935327fe8960508ecb5e59cf338fb3cd2cc7cda12ae5686f15709bf5fec2cfb399912a9803f7b372601802bcd27e928072638b512

Static task: static1

Behavioral task: behavioral1
Sample: hvQ21ebW.bat
Resource: win7v191014

Behavioral task: behavioral2
Sample: hvQ21ebW.bat
Resource: win10v191014

Malware Config
Extracted: http://185.103.242.78/pastes/hvQ21ebW
Targets
Target: hvQ21ebW.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry