General
Target: eEqGBFWD.bat
Size: 194B
Sample: 200211-hy6xmyr1wa
MD5: 5921814fde0e9a996f0dee5a45a865c9
SHA1: 946b9d4f1081b053f9b90544dcc83367e7cfbc21
SHA256: bf894d6ef5402e0c90fd5cfc08bd271dc601d90abdf0f73bc8c17e5a2861918b
SHA512: 5f953ff30984392246fde646a900d5d91eb93f64345da39fc91007c67e913ce5b7ea8f59a5e572de72fa1052877a1eb7082fc67a31f9f4f118dd40db88e33763
Static task: static1
Behavioral task: behavioral1 (sample eEqGBFWD.bat, resource win7v191014)
Behavioral task: behavioral2 (sample eEqGBFWD.bat, resource win10v191014)
Malware Config
Extracted
  URL: http://185.103.242.78/pastes/eEqGBFWD
Extracted
  Path: C:\mcibkq8-readme.txt
  Family: sodinokibi
  URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FB3A92CAF2834034
    http://decryptor.cc/FB3A92CAF2834034
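The second extracted config is the ransom note that Sodinokibi/REvil drops as <extension>-readme.txt, where the extension is the random string appended to encrypted files; the 16-hex-digit path shared by the .onion site and the decryptor.cc mirror is the per-victim ID. The following is an added example (not part of the sandbox report and not the sample's own code) that pulls those indicators out of such a note and cross-checks them. The note text is a constructed approximation of the family's wording; the path, .onion URL, mirror URL and ID are the values the report extracted; the 4-12 character extension length and the reading of the shared 16-hex path as the victim ID are assumptions.

```python
"""Pull indicators out of a Sodinokibi/REvil ransom note and cross-check them."""
import json
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed sample: an abbreviated note in the shape Sodinokibi drops as
# <extension>-readme.txt. Path, .onion URL, mirror URL and victim ID are the
# values the sandbox report extracted; the surrounding wording is constructed.
SAMPLE_NOTE_PATH = r"C:\mcibkq8-readme.txt"
SAMPLE_NOTE = """---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable.
You can check it: all files on your system has extension mcibkq8.

[+] How to get access on website? [+]

1) [Recommended] Using a TOR browser!
  a) Download and install TOR browser from this site: https://torproject.org/
  b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FB3A92CAF2834034

2) If TOR blocked in your country, use our secondary website:
  a) http://decryptor.cc/FB3A92CAF2834034
"""

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)
# Note file name is <extension>-readme.txt; 4-12 alphanumerics is an assumption
# about the length of the random extension the family appends.
README_NAME_RE = re.compile(r"^([a-z0-9]{4,12})-readme\.txt$", re.I)
# Assumption: the 16-hex-digit path shared by the .onion site and its
# clearnet mirror is the per-victim ID.
VICTIM_ID_RE = re.compile(r"^/([0-9a-f]{16})/?$", re.I)


def extension_from_note_path(path: str) -> Optional[str]:
    """'mcibkq8-readme.txt' -> 'mcibkq8'; None if the name does not fit."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = README_NAME_RE.match(name)
    return m.group(1) if m else None


def extract_iocs(note_text: str, note_path: str) -> Dict[str, object]:
    ext = extension_from_note_path(note_path)
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(note_text)]

    # The .onion URL anchors the victim ID; every other URL is classified
    # relative to it, so the Tor Project download link is not reported as an IOC.
    onion: Optional[str] = None
    victim_id: Optional[str] = None
    for u in urls:
        parts = urlsplit(u)
        m = VICTIM_ID_RE.match(parts.path)
        if parts.hostname and parts.hostname.endswith(".onion") and m:
            onion, victim_id = u, m.group(1).upper()
            break

    mirrors: List[str] = []
    ignored: List[str] = []
    for u in urls:
        if u == onion:
            continue
        m = VICTIM_ID_RE.match(urlsplit(u).path)
        if victim_id and m and m.group(1).upper() == victim_id:
            mirrors.append(u)
        else:
            ignored.append(u)

    # The note body names the extension; a mismatch with the file name means
    # the note was renamed or does not belong to this family.
    ext_in_body = bool(ext) and re.search(rf"\b{re.escape(ext)}\b", note_text) is not None

    return {
        "family": "sodinokibi" if (onion and ext and ext_in_body) else None,
        "note_path": note_path,
        "extension": ext,
        "victim_id": victim_id,
        "onion_url": onion,
        "mirror_urls": mirrors,
        "ignored_urls": ignored,
    }


if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE_NOTE, SAMPLE_NOTE_PATH), indent=2))
```

Keying the mirror list on the victim ID rather than on a hostname list is deliberate: the clearnet mirror domain changes between campaigns, but the ID is what ties the .onion site, the mirror and the encrypted extension to one infection, and it is the value worth pivoting on across other samples.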
Targets
Target: eEqGBFWD.bat
Size: 194B
MD5: 5921814fde0e9a996f0dee5a45a865c9
SHA1: 946b9d4f1081b053f9b90544dcc83367e7cfbc21
SHA256: bf894d6ef5402e0c90fd5cfc08bd271dc601d90abdf0f73bc8c17e5a2861918b
SHA512: 5f953ff30984392246fde646a900d5d91eb93f64345da39fc91007c67e913ce5b7ea8f59a5e572de72fa1052877a1eb7082fc67a31f9f4f118dd40db88e33763
Signatures
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
Blacklisted process makes network request
Program crash
Discovering connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry
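The behavioural signatures above are names only. As an added example (not the sandbox's own detection code), the following encodes four of them as rules over constructed Sysmon-style events, so the telemetry each one keys on, and the allowlisting needed to keep it from firing on normal Windows activity, is explicit. The event schema, the set of interpreters treated as "blacklisted" network clients, and the allowlists of legitimate System32 and service-configuration writers are assumptions; the only value taken from the report is the paste host in the first event.

```python
"""Encode four of the report's behavioural signatures as rules over events."""
import ntpath
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]

# Constructed Sysmon-style events (not the sandbox's own trace). "image" is the
# acting process; "target" is the destination, file path or registry value.
SAMPLE_EVENTS: List[Event] = [
    {"type": "NetworkConnect", "image": r"C:\Windows\System32\cmd.exe",
     "target": "185.103.242.78:80"},
    {"type": "NetworkConnect", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": "203.0.113.10:443"},
    {"type": "FileCreate", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Windows\System32\dropped.tmp"},
    {"type": "FileCreate", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\victim\Documents\notes.txt"},
    {"type": "FileCreate", "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "target": r"C:\Windows\System32\drivers\update.sys"},
    {"type": "RegistrySet", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\VSS\Start"},
    {"type": "RegistrySet", "image": r"C:\Windows\System32\services.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start"},
    {"type": "RegistrySet", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKCU\Control Panel\Desktop\Wallpaper"},
]

# Assumption: interpreters and LOLBins a sandbox treats as "blacklisted"
# when they open network connections.
BLACKLISTED_NET_PROCS = {"cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe",
                         "cscript.exe", "regsvr32.exe", "rundll32.exe"}
# Assumption: processes that legitimately write System32 / service configuration.
SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe"}
SERVICE_WRITERS = {"services.exe", "svchost.exe", "msiexec.exe", "trustedinstaller.exe"}

SYSTEM32_PREFIX = "c:\\windows\\system32\\"
SERVICES_KEY = "\\currentcontrolset\\services\\"
WALLPAPER_VALUE = "\\control panel\\desktop\\wallpaper"


def image_name(e: Event) -> str:
    # ntpath handles Windows paths regardless of the host the rules run on
    return ntpath.basename(e["image"]).lower()


def blacklisted_process_network_request(e: Event) -> bool:
    return e["type"] == "NetworkConnect" and image_name(e) in BLACKLISTED_NET_PROCS


def drops_file_in_system32(e: Event) -> bool:
    return (e["type"] == "FileCreate"
            and e["target"].lower().startswith(SYSTEM32_PREFIX)
            and image_name(e) not in SYSTEM32_WRITERS)


def modifies_service(e: Event) -> bool:
    return (e["type"] == "RegistrySet"
            and SERVICES_KEY in e["target"].lower()
            and image_name(e) not in SERVICE_WRITERS)


def sets_desktop_wallpaper_using_registry(e: Event) -> bool:
    return e["type"] == "RegistrySet" and e["target"].lower().endswith(WALLPAPER_VALUE)


RULES: Dict[str, Callable[[Event], bool]] = {
    "Blacklisted process makes network request": blacklisted_process_network_request,
    "Drops file in System32 directory": drops_file_in_system32,
    "Modifies service": modifies_service,
    "Sets desktop wallpaper using registry": sets_desktop_wallpaper_using_registry,
}


def run_rules(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event index, signature name) for every rule an event trips."""
    return [(i, name) for i, e in enumerate(events)
            for name, rule in RULES.items() if rule(e)]


if __name__ == "__main__":
    for idx, sig in run_rules(SAMPLE_EVENTS):
        print(f"event {idx}: {sig}  ({image_name(SAMPLE_EVENTS[idx])})")
```

The allowlists are what make the System32 and service rules usable outside a sandbox: TrustedInstaller and services.exe touch those locations constantly, and without them the two rules fire on every Windows Update cycle. The wallpaper rule needs no allowlist because a script setting that value is unusual enough to review every time.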