General
Target: xtSAHQY3.bat
Size: 197B
Sample: 200212-94m61aym1j
MD5: aa9afb0520c167913e548054c13559f1
SHA1: f6d844dac49a6dcd129bfcca531204bb1763c83f
SHA256: a2e505a398d475ddb2eb3e29ebde4b5f0706e31272b3e05cb807fa276fddd771
SHA512: ebe22fd1498a042a6ea69b1ababd78d7d0e630f4d86da7f031fc094358d0532876a9bf9ac3ab9dfa9b4645c095191f68990ed3687aa6a30dddae2150cdea890a
Tasks
Static task: static1
Behavioral task: behavioral1 (sample xtSAHQY3.bat, resource win7v191014)
Behavioral task: behavioral2 (sample xtSAHQY3.bat, resource win10v191014)
Malware Config
Extracted: http://185.103.242.78/pastes/xtSAHQY3
Extracted: C:\1d815-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5ADA6E548A65F013
- http://decryptor.cc/5ADA6E548A65F013
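The extracted configuration gives a responder three things to act on: a stage-two fetch URL on a bare IP, the ransom-note path (the prefix before -readme.txt is the extension Sodinokibi appends to encrypted files, here .1d815), and two victim-portal URLs that carry the same 16-hex-digit victim ID. The Python below is an added example, not part of the sandbox report or of the sample: it parses exactly those values and runs them over a constructed note body and a constructed directory listing. Only the URLs and the note path come from the config above; the note wording, the file listing, the 3-10 character bound on the extension and the "/pastes/ on a bare IP" heuristic are assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Values exactly as they appear in the extracted config.
PASTE_URL = "http://185.103.242.78/pastes/xtSAHQY3"
NOTE_PATH = r"C:\1d815-readme.txt"
ONION_URL = "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5ADA6E548A65F013"
CLEARNET_URL = "http://decryptor.cc/5ADA6E548A65F013"

# Sodinokibi drops "<ext>-readme.txt" where <ext> is the random extension
# appended to encrypted files. Assumption: 3-10 lowercase alphanumerics,
# which covers the "1d815" seen in this sample.
NOTE_NAME_RE = re.compile(r"^(?P<ext>[0-9a-z]{3,10})-readme\.txt$")

# Victim portal URLs: a Tor hidden service or decryptor.cc, followed by a
# 16-hex-digit victim ID (both forms occur in the config above).
PORTAL_URL_RE = re.compile(
    r"https?://(?P<host>[a-z2-7]{16,56}\.onion|decryptor\.cc)/(?P<vid>[0-9A-Fa-f]{16})\b"
)

# Constructed sample note: only the two URLs are taken from the config.
SAMPLE_NOTE = f"""Your files are encrypted. (constructed sample text)
Open one of these links to reach the payment portal:
{ONION_URL}
{CLEARNET_URL}
"""

# Constructed directory listing of a victim folder after encryption.
SAMPLE_LISTING = [
    "budget.xlsx.1d815",
    "photo.jpg.1d815",
    "1d815-readme.txt",
    "notes.txt",
    "report.docx.1d815",
]


def extension_from_note(path: str) -> Optional[str]:
    """Return the encrypted-file extension implied by a ransom-note path, or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = NOTE_NAME_RE.match(name)
    return m.group("ext") if m else None


def victim_ids(text: str) -> Dict[str, str]:
    """Map each portal host found in the note text to the victim ID it carries."""
    return {m.group("host"): m.group("vid") for m in PORTAL_URL_RE.finditer(text)}


def consistent_victim_id(text: str) -> Optional[str]:
    """The single victim ID if every portal URL in the note agrees, else None."""
    ids = set(victim_ids(text).values())
    return next(iter(ids)) if len(ids) == 1 else None


def encrypted_files(listing: List[str], ext: str) -> List[str]:
    """Files in a listing that carry the extension derived from the note."""
    suffix = "." + ext
    return sorted(f for f in listing if f.endswith(suffix))


def is_ip_hosted_paste(url: str) -> bool:
    """Heuristic (assumption): a stage-two fetch from a bare-IP host under /pastes/."""
    u = urlparse(url)
    try:
        ipaddress.ip_address(u.hostname or "")
    except ValueError:
        return False
    return u.path.startswith("/pastes/")


def triage(note_path: str, note_text: str, listing: List[str], fetch_url: str) -> dict:
    """Pull the actionable fields out of a config like the one above."""
    ext = extension_from_note(note_path)
    return {
        "extension": ext,
        "victim_id": consistent_victim_id(note_text),
        "portals": victim_ids(note_text),
        "encrypted": encrypted_files(listing, ext) if ext else [],
        "ip_hosted_paste": is_ip_hosted_paste(fetch_url),
    }


if __name__ == "__main__":
    print(triage(NOTE_PATH, SAMPLE_NOTE, SAMPLE_LISTING, PASTE_URL))
```

The extension check is the quick scoping tool: once the note name gives .1d815, counting files with that suffix on a host tells you how far encryption got, and a mismatch between the victim IDs in the onion and clearnet URLs is a sign the note was tampered with or belongs to a different infection.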
Targets
Target: xtSAHQY3.bat (197B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry