General
Target: ECR3zkRF.bat
Size: 195B
Sample: 200222-3dc6csydda
MD5: 47af73dc3ff82d0a97e7b23198acc224
SHA1: b4bda7187d28ffc99c52781604a8a1b04c165e2b
SHA256: 1598c21c0f1291f077f108dad0286e29e58f07962959d6645f256ecd85e43162
SHA512: 82a6afa9ad6ace78e6a68c5dfa124e5d62927ceda54e341a04db9591b0b407f5886d3365af8a86d449870c3414ebc151bfcc256d1ac397813bf71a342358e002
Static task: static1
Behavioral task: behavioral1
  Sample: ECR3zkRF.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: ECR3zkRF.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/ECR3zkRF
Extracted: C:\fz3260-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A1945F93509159BA
  http://decryptor.cc/A1945F93509159BA
Targets
Target: ECR3zkRF.bat
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry