General
- Target: ZaJ4FCCF.bat
- Size: 196B
- Sample: 200212-scdfhkjn1e
- MD5: 68d8269556c7004948245c547d5dffab
- SHA1: a6b3020500dcebb6beba98fcdfd3333f4eee3bef
- SHA256: 4c50fce495b3543c8329f330fbfd8908b5b0f6da8d056d48a2553aeefba5763d
- SHA512: 6f8084ea3c15bc8eb4ac268b83d996eee682bd08214facbf752e7dfdc69c30f54a641cc5f2a791b1eb57a30e08aebb28ba642b18fdf964351e80f524a0eb555b
Static task: static1
Behavioral task: behavioral1 (Sample: ZaJ4FCCF.bat, Resource: win7v191014)
Behavioral task: behavioral2 (Sample: ZaJ4FCCF.bat, Resource: win10v191014)
Malware Config
Extracted: http://185.103.242.78/pastes/ZaJ4FCCF
Extracted: C:\f0vu6-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EC6570002F081545
http://decryptor.cc/EC6570002F081545
Targets
- Target: ZaJ4FCCF.bat
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry