General

Target: 61qVyZCf.bat
Size: 189B
Sample: 200211-bfsexwsg5n
MD5: b333d94ab42b4326dd0fd88ed1478a68
SHA1: 25f722c04783237a8195b64d6c08ea787991c6eb
SHA256: ece31cd5ba841084557b618766ee4ec4e36796d0ece6191574a8eb615e01e909
SHA512: 1cfd9d628a71c3a6558ba135ad295db79c8dec2bbbc438a6a8a0c2cae5465aaa74fccfcc14a1b62cc17f443f6400750a4eba200e2b2ce170a031941b412be2b0
Static task: static1

Behavioral task: behavioral1
  Sample: 61qVyZCf.bat
  Resource: win7v191014

Behavioral task: behavioral2
  Sample: 61qVyZCf.bat
  Resource: win10v191014
Malware Config

Extracted: http://185.103.242.78/pastes/61qVyZCf

Extracted: C:\8q88jx-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E27DC6532B1C89E1
  http://decryptor.cc/E27DC6532B1C89E1
Targets

Target: 61qVyZCf.bat
Size: 189B
MD5: b333d94ab42b4326dd0fd88ed1478a68
SHA1: 25f722c04783237a8195b64d6c08ea787991c6eb
SHA256: ece31cd5ba841084557b618766ee4ec4e36796d0ece6191574a8eb615e01e909
SHA512: 1cfd9d628a71c3a6558ba135ad295db79c8dec2bbbc438a6a8a0c2cae5465aaa74fccfcc14a1b62cc17f443f6400750a4eba200e2b2ce170a031941b412be2b0

Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality

- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry