General
- Target: hBjM939D.bat
- Size: 198B
- Sample: 200211-8t4pnj5wks
- MD5: 31f14e4e5545659b2edf91aedb0830cb
- SHA1: e5489bc5f3b8f118e6fb0ba7f5f4a0223a33863a
- SHA256: 2f3a2162c69c2185edadd4cc4d60b0ef9f2d212d2d710f30e012b9878aefc0f1
- SHA512: 80298267b14e688189cfefabed44496c5c22a51c50c788ac72ed1b9ad4ab1848068308f1a7990665ebba4220a428cdb7a1a5695a3643ea395af7566726914562
Static task: static1
Behavioral task: behavioral1
- Sample: hBjM939D.bat
- Resource: win7v191014
Behavioral task: behavioral2
- Sample: hBjM939D.bat
- Resource: win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/hBjM939D
Extracted: C:\s0ks9v-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2F57540029B6714A
- http://decryptor.cc/2F57540029B6714A
Targets
- Target: hBjM939D.bat
- Size: 198B
- MD5: 31f14e4e5545659b2edf91aedb0830cb
- SHA1: e5489bc5f3b8f118e6fb0ba7f5f4a0223a33863a
- SHA256: 2f3a2162c69c2185edadd4cc4d60b0ef9f2d212d2d710f30e012b9878aefc0f1
- SHA512: 80298267b14e688189cfefabed44496c5c22a51c50c788ac72ed1b9ad4ab1848068308f1a7990665ebba4220a428cdb7a1a5695a3643ea395af7566726914562
- Sodin,Sodinokibi,REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry