General
- Target: VBVZwKh2.bat
- Size: 192B
- Sample: 200214-b4888xmk7s
- MD5: 6d785a69cece8a1db41ac16a40b3d469
- SHA1: 3e9c42da7820f6482b56ed99a08a3051076c88f6
- SHA256: adb8be048044d331c8e2554606ac514e646699681e7e88b2e647c82f8d675ab1
- SHA512: 0788ac3d5448b0feca2d2f4e1f1db84c28ccd171279e46352ebb09f4f6a855378e5e1e23206f406050df5462b23161bd4e2350aae10f3584dcdb453803fb28f4
Static task: static1
Behavioral task: behavioral1
- Sample: VBVZwKh2.bat
- Resource: win7v200213
Behavioral task: behavioral2
- Sample: VBVZwKh2.bat
- Resource: win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/VBVZwKh2
Extracted: C:\2r56lb-readme.txt
- Family: sodinokibi
- URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9DD522B44407655B
  http://decryptor.cc/9DD522B44407655B
Targets
- Target: VBVZwKh2.bat
- Score: 10/10
- Family: Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Signatures:
  - Blacklisted process makes network request
  - Program crash
  - Discovering connected drives
  - Modifies service
  - Sets desktop wallpaper using registry