General
- Target: 3rgEMX03.bat
- Size: 195B
- Sample: 200214-ftla19tqqa
- MD5: 1e22fc56660d70cc6931a0707fe97695
- SHA1: 23e6b26aea360ef8eb18d7672c4fd7b2175ea6f3
- SHA256: 1ae2de8ca7c0027101d54f5b55f66c93edf48dd0db0e101cb7722b021f125c43
- SHA512: 149aa711eaacfa86a2a285b1592f5a8ddf4dbf4c5d2a3f4700a38194c544edf761b174016c6439c06f84fc1a815841144d84376d4779ab2e1c92c3163516903f
Static task
- static1
Behavioral tasks
- behavioral1: Sample 3rgEMX03.bat, Resource win7v200213
- behavioral2: Sample 3rgEMX03.bat, Resource win10v191014
Malware Config
- Extracted: http://185.103.242.78/pastes/3rgEMX03
- Extracted from C:\8k1rg8dl-readme.txt (family: sodinokibi); both URLs carry the same victim ID, 76289AA97E0B44AB:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/76289AA97E0B44AB
  - http://decryptor.cc/76289AA97E0B44AB
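The indicators in the General and Malware Config sections above, turned into the two checks a responder would run on a host: is a file on disk the 195-byte dropper, and is a Sodinokibi note present and which victim ID does it carry. This is an added example written for this page, not code from the sandbox or the sample. The hashes, the download URL, the note path and the two decryptor URLs are copied from the report; the function names, the regular expressions, the temporary directory layout and the note wording that demo() writes are assumptions for the example (the report gives only the note's path and URLs, not its text).

```python
"""Host-side IOC check built from the report's hashes and Malware Config.

Added example for this page, not code from the sandbox or the sample.
Assumed: function names, regular expressions, and the note wording that
demo() writes into a temporary directory (the report gives only the note's
path and the two URLs it contains).
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied from the report.
DROPPER_SIZE = 195
DROPPER_HASHES = {
    "md5": "1e22fc56660d70cc6931a0707fe97695",
    "sha1": "23e6b26aea360ef8eb18d7672c4fd7b2175ea6f3",
    "sha256": "1ae2de8ca7c0027101d54f5b55f66c93edf48dd0db0e101cb7722b021f125c43",
    "sha512": "149aa711eaacfa86a2a285b1592f5a8ddf4dbf4c5d2a3f4700a38194c544edf7"
              "61b174016c6439c06f84fc1a815841144d84376d4779ab2e1c92c3163516903f",
}
STAGE_URL = "http://185.103.242.78/pastes/3rgEMX03"   # URL extracted from the .bat
NOTE_PATH = r"C:\8k1rg8dl-readme.txt"                 # ransom note path from the report
ONION_URL = ("http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd"
             ".onion/76289AA97E0B44AB")
CLEARNET_URL = "http://decryptor.cc/76289AA97E0B44AB"

# Sodinokibi names its note "<random extension>-readme.txt" (here 8k1rg8dl-readme.txt).
# These patterns are assumptions generalising that name and the two URL shapes above.
NOTE_NAME_RE = re.compile(r"^[a-z0-9]{4,12}-readme\.txt$", re.IGNORECASE)
ONION_RE = re.compile(r"https?://([a-z2-7]{16,56})\.onion/([0-9a-f]{16})\b", re.IGNORECASE)
CLEARNET_RE = re.compile(r"https?://decryptor\.cc/([0-9a-f]{16})\b", re.IGNORECASE)


def hash_verdict(data: bytes) -> dict:
    """Compare a candidate file's size and digests with the dropper's, one entry per check."""
    verdict = {"size": len(data) == DROPPER_SIZE}
    for algo, expected in DROPPER_HASHES.items():
        verdict[algo] = hashlib.new(algo, data).hexdigest() == expected
    return verdict


def is_dropper(data: bytes) -> bool:
    """SHA-256 decides; the weaker digests only corroborate."""
    return hash_verdict(data)["sha256"]


def parse_ransom_note(text: str):
    """Return the victim ID and both URLs from a note, or None.

    Both links must be present and carry the same 16-hex-digit ID. A note with
    only one link, or with two different IDs, is returned as no match so the
    responder inspects it by hand instead of trusting a half-parsed result.
    """
    onion = ONION_RE.search(text)
    clear = CLEARNET_RE.search(text)
    if onion is None or clear is None:
        return None
    if onion.group(2).upper() != clear.group(1).upper():
        return None
    return {
        "victim_id": onion.group(2).upper(),
        "onion_url": onion.group(0),
        "clearnet_url": clear.group(0),
    }


def find_ransom_notes(root: Path) -> list:
    """Walk root for files named like the note and parse each one that matches."""
    hits = []
    for path in root.rglob("*-readme.txt"):
        if not NOTE_NAME_RE.match(path.name):
            continue
        parsed = parse_ransom_note(path.read_text(errors="replace"))
        if parsed is not None:
            hits.append({"path": str(path), **parsed})
    return hits


# Constructed note body for the demo: only the two URLs come from the report.
CONSTRUCTED_NOTE = (
    "Your files are encrypted.\nTo recover them open this page in Tor Browser:\n"
    + ONION_URL + "\nIf Tor is blocked, use:\n" + CLEARNET_URL + "\n"
)


def demo() -> dict:
    """Stage a constructed host layout in a temp directory and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "8k1rg8dl-readme.txt").write_text(CONSTRUCTED_NOTE)
        (root / "notes-readme.txt").write_text("meeting notes, no payment links\n")
        notes = find_ransom_notes(root)
    # Constructed stand-in for the .bat: not the real sample, so no digest may match.
    candidate = b"@echo off\r\nrem constructed placeholder, not the 195-byte dropper\r\n"
    return {"notes": notes, "dropper": hash_verdict(candidate), "is_dropper": is_dropper(candidate)}


if __name__ == "__main__":
    print(demo())
```

find_ransom_notes() keys on the file name first and the URL pair second, so a harmless `*-readme.txt` is skipped rather than reported, and a note whose onion and decryptor.cc IDs disagree is left for manual review. On a real host, point it at the drive roots the report's "Discovering connected drives" signature suggests the sample enumerates, and compare any `.bat` of exactly 195 bytes with hash_verdict() before assuming it is this dropper.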
Targets
- Target: 3rgEMX03.bat
- Size: 195B
- MD5: 1e22fc56660d70cc6931a0707fe97695
- SHA1: 23e6b26aea360ef8eb18d7672c4fd7b2175ea6f3
- SHA256: 1ae2de8ca7c0027101d54f5b55f66c93edf48dd0db0e101cb7722b021f125c43
- SHA512: 149aa711eaacfa86a2a285b1592f5a8ddf4dbf4c5d2a3f4700a38194c544edf761b174016c6439c06f84fc1a815841144d84376d4779ab2e1c92c3163516903f
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry