General
Target: QtxPGbas.bat
Size: 189B
Sample: 200217-mcagl2slae
MD5: b896f6ff4553af50764dbf2c947a05bb
SHA1: 530bc65bb8cd23bf06865ddb93164f0c6348f578
SHA256: f9366f629ed77ac92ea0a86a9f063f9a33f6cb37c03b8c094f4d74515b930412
SHA512: 32377669fab2cc36cd228ef46fc33f15d36d4ef2abdd7c3c93b253d8b7a520c697cc67b80c5bd8762d1b6bac18764adb97edeca3a08e7cd24316a84384405a85
Static task: static1
Behavioral task: behavioral1
  Sample: QtxPGbas.bat
  Resource: win7v200213
Behavioral task: behavioral2
  Sample: QtxPGbas.bat
  Resource: win10v191014
Malware Config
Extracted: http://185.103.242.78/pastes/QtxPGbas
Extracted: C:\5cxg6z6j82-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A71438A36D561A11
  http://decryptor.cc/A71438A36D561A11
Targets
Target: QtxPGbas.bat
Size: 189B
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry