General
Target: E6ZiuRBj.bat
Size: 192B
Sample: 200225-97z14365sa
MD5: 2249a41a0632a89a141033f45d9c71d8
SHA1: d11ba758c8a87a62e773a95e5cd01787fdae226c
SHA256: 03d85057c6e2669996196110f2b048f3de2e021f8806b61b6e4696ccc802e742
SHA512: c59548a6636bf85403b1ea379760d5310e1d8aebc859227340d68de07eb3ec63672a31db38ef6cd519f58139c192a0e4a03adfbce34c42708b7c630c172a499a
Static task
static1
Behavioral task
behavioral1: Sample E6ZiuRBj.bat, Resource win7v200217
Behavioral task
behavioral2: Sample E6ZiuRBj.bat, Resource win10v200217
Malware Config
Extracted from http://185.103.242.78/pastes/E6ZiuRBj
Extracted from C:\hp0ws8n-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9180D364F1EFBA80
http://decryptor.cc/9180D364F1EFBA80
Targets
Target: E6ZiuRBj.bat
Size: 192B
MD5, SHA1, SHA256, SHA512: identical to the hashes listed under General above
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry