General

Target: Qqgre83T.bat
Size: 197 B
Sample: 200221-694hzbj4cn
MD5: 23fb28ede9070f21977214722b7b46fe
SHA1: f81fbe696a0abdcf0e314125ed1aaf8779feff0d
SHA256: 552e2dd699f7eb32c4ce0dc9dd35616b783cdf3fcb391b01b0422e2ad98a8a45
SHA512: dcd01869d9bd74264aba08b5c66f7a94b3c5513f0e713fdd3d596e1ed6cb43582c184d39ca9f78a6d23814a96535a5ef294f97c42594e10b7546d38e2f0cc4ac
Static task: static1

Behavioral task: behavioral1
Sample: Qqgre83T.bat
Resource: win7v200217

Behavioral task: behavioral2
Sample: Qqgre83T.bat
Resource: win10v200217
Malware Config

Extracted
URL: http://185.103.242.78/pastes/Qqgre83T

Extracted
Path: C:\rnmbv-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8CF4F644E288F198
http://decryptor.cc/8CF4F644E288F198
Targets

Target: Qqgre83T.bat
Size: 197 B
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
Blacklisted process makes network request
Drops startup file
Program crash
Discovering connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry
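As an added example (not part of the sandbox report and not code from the Triage project), the indicators above turned into a small offline check in Python: it hashes a file and compares the digests with the ones reported for Qqgre83T.bat, scans log lines for the reported IP, download URL and ransom-note hosts, looks for the dropped ransom note by file name, and pulls out the 16-hex-character path token that both ransom-note URLs in the extracted config share. The log lines and file paths inside the block are constructed for illustration; nothing in it is the sample itself.

```python
"""Offline IOC checks derived from the sandbox report above (added example)."""
import hashlib
import re

# Digests of the analysed sample Qqgre83T.bat, copied from the report.
SAMPLE_HASHES = {
    "md5": "23fb28ede9070f21977214722b7b46fe",
    "sha1": "f81fbe696a0abdcf0e314125ed1aaf8779feff0d",
    "sha256": "552e2dd699f7eb32c4ce0dc9dd35616b783cdf3fcb391b01b0422e2ad98a8a45",
    "sha512": (
        "dcd01869d9bd74264aba08b5c66f7a94b3c5513f0e713fdd3d596e1ed6cb4358"
        "2c184d39ca9f78a6d23814a96535a5ef294f97c42594e10b7546d38e2f0cc4ac"
    ),
}

# Network indicators from the extracted config: the paste URL and its IP,
# plus the two ransom-note hosts.
NETWORK_IOCS = (
    "185.103.242.78",
    "http://185.103.242.78/pastes/Qqgre83T",
    "aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion",
    "decryptor.cc",
)
REPORT_RANSOM_URLS = (
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8CF4F644E288F198",
    "http://decryptor.cc/8CF4F644E288F198",
)
RANSOM_NOTE_NAME = "rnmbv-readme.txt"  # dropped as C:\rnmbv-readme.txt per the report

# Both ransom-note URLs end in the same 16 hex characters; this pulls that token out.
TOKEN_RE = re.compile(r"/([0-9A-Fa-f]{16})/?$")


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes) -> list:
    """Return the algorithms under which `data` equals the reported sample (empty if none)."""
    digests = hash_bytes(data)
    return [algo for algo, value in SAMPLE_HASHES.items() if digests[algo] == value]


def scan_log_line(line: str) -> list:
    """Return the report's network IOCs that occur (case-insensitively) in one log line."""
    lowered = line.lower()
    return [ioc for ioc in NETWORK_IOCS if ioc.lower() in lowered]


def scan_log(lines) -> dict:
    """Map line index -> matched IOCs, for lines with at least one hit."""
    hits = {}
    for idx, line in enumerate(lines):
        found = scan_log_line(line)
        if found:
            hits[idx] = found
    return hits


def find_ransom_notes(paths) -> list:
    """Return the paths whose file name is the ransom note this sample drops."""
    hits = []
    for path in paths:
        name = path.replace("\\", "/").rsplit("/", 1)[-1]  # handles Windows and POSIX paths
        if name.lower() == RANSOM_NOTE_NAME:
            hits.append(path)
    return hits


def extract_ransom_url_token(url: str):
    """Return the upper-cased 16-hex-character path token of a ransom-note URL, or None."""
    match = TOKEN_RE.search(url)
    return match.group(1).upper() if match else None


def report_tokens() -> set:
    """Tokens carried by the ransom-note URLs in the extracted config."""
    return {extract_ransom_url_token(u) for u in REPORT_RANSOM_URLS}


# Constructed sample inputs (not from the report): three proxy/DNS log lines and a file listing.
SAMPLE_LOG = [
    "2020-02-21 09:14:02 10.0.0.21 GET http://185.103.242.78/pastes/Qqgre83T 200",
    "2020-02-21 09:14:05 10.0.0.21 GET http://example.com/index.html 200",
    "2020-02-21 09:15:40 10.0.0.21 DNS decryptor.cc",
]
SAMPLE_PATHS = [
    "C:\\rnmbv-readme.txt",
    "C:\\Users\\bob\\Desktop\\notes.txt",
    "D:\\share\\RNMBV-README.TXT",
]

if __name__ == "__main__":
    print("log hits:", scan_log(SAMPLE_LOG))
    print("ransom notes:", find_ransom_notes(SAMPLE_PATHS))
    print("config tokens:", report_tokens())
    # A constructed stand-in file; it is not the sample, so no digest matches.
    print("sample match:", matches_sample(b"@echo off\r\n"))
```

A file that matches all four digests is this exact batch file; a single matching digest with the others differing is a collision or a copy error and should be treated with suspicion rather than as a hit. Host names are matched as substrings, so a log line for a subdomain of decryptor.cc also fires, which is the intended behaviour for this kind of blocklist check.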