General
Target: AxRJbHcj.bat
Size: 191B
Sample: 200227-gsjm3bpvxx
MD5: c8057644f33461fab278b0bf3c6a103d
SHA1: 5d669ea802108937803c3e530643811de7df3ad6
SHA256: 7a29462b5b646f444451bd24baa06480abd3c1a39c33477d1530d1e21f4f7aa6
SHA512: 03ac8f9aca2a2ed297a2755c8c1c875ec2eb5b98c2ed7cbab98e51a87bcfc31ed97214636964521adcf8d5475baebea60bde8253b76e38e9fa168d9dab2ff8cf
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: AxRJbHcj.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: AxRJbHcj.bat, Resource: win10v200217)
Malware Config
Extracted (network): http://185.103.242.78/pastes/AxRJbHcj
Extracted (ransom note): C:\54x5b562w7-readme.txt
Family: sodinokibi
Payment URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/206011A88ACD6C74
- http://decryptor.cc/206011A88ACD6C74
Targets
Target: AxRJbHcj.bat
Size: 191B
MD5: c8057644f33461fab278b0bf3c6a103d
SHA1: 5d669ea802108937803c3e530643811de7df3ad6
SHA256: 7a29462b5b646f444451bd24baa06480abd3c1a39c33477d1530d1e21f4f7aa6
SHA512: 03ac8f9aca2a2ed297a2755c8c1c875ec2eb5b98c2ed7cbab98e51a87bcfc31ed97214636964521adcf8d5475baebea60bde8253b76e38e9fa168d9dab2ff8cf
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry