General
-
Target
42HVHYvi.bat
-
Size
192B
-
Sample
200219-dsykqxdnhn
-
MD5
a9075a0e43612a388eda0d4643037a34
-
SHA1
6bfb53b342e2518e07955676e5a8f18717970504
-
SHA256
811d39f86a8efff6544dcd852c24a3fe2e5446f5eb7fdd9e740b424a221ab366
-
SHA512
9a9275289c65b19cc5e4d94572b1e6dfbe84c47a028193d0c142a363e0b279e0cb217d2d63c759839730ec8158460da427cb9ac354a124a9f6ae73ab7fa063ee
Static task
static1
Behavioral task
behavioral1
Sample
42HVHYvi.bat
Resource
win7v200217
Behavioral task
behavioral2
Sample
42HVHYvi.bat
Resource
win10v200217
Malware Config
Extracted
http://185.103.242.78/pastes/42HVHYvi
Extracted
C:\7z93j-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F6C38D1F961A5462
http://decryptor.cc/F6C38D1F961A5462
Targets
-
-
Target
42HVHYvi.bat
-
Size
192B
-
MD5
a9075a0e43612a388eda0d4643037a34
-
SHA1
6bfb53b342e2518e07955676e5a8f18717970504
-
SHA256
811d39f86a8efff6544dcd852c24a3fe2e5446f5eb7fdd9e740b424a221ab366
-
SHA512
9a9275289c65b19cc5e4d94572b1e6dfbe84c47a028193d0c142a363e0b279e0cb217d2d63c759839730ec8158460da427cb9ac354a124a9f6ae73ab7fa063ee
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Program crash
-
Discovering connected drives
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-