General
Target: GxdgNtfB.bat
Size: 192B
Sample: 200229-xxllyag6ae
MD5: d40190448142e92524fc41e756e185b6
SHA1: 399ead1022291c86a66bf5bfcf1e7229287b5721
SHA256: 7d300da6df98325755580525ea2039cd8d4c9420557fb992d83440840bdcbd25
SHA512: 90361f11344ac7acbb897c55ffeddbc8695130c75e05b909bd72652f024416ffe8fc7f1040affa5dcf68f7e0c48958695ad85a928a323fb4bab671b4df5170b8
Tasks
Static task: static1
Behavioral task: behavioral1 (sample GxdgNtfB.bat, resource win7v200217)
Behavioral task: behavioral2 (sample GxdgNtfB.bat, resource win10v200217)
Malware Config
Extracted (source: http://185.103.242.78/pastes/GxdgNtfB)
Extracted (source: C:\lqdsy55g-readme.txt)
Family: sodinokibi
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/43E3E340647DF886
URL: http://decryptor.cc/43E3E340647DF886
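The second config block above was pulled from the Sodinokibi readme dropped at C:\lqdsy55g-readme.txt: the file name carries the victim extension, and both payment URLs end in the same 16-hex-digit victim ID. The following Python is an added example of how such a note is parsed into a config record; it is not the sandbox's own extractor. The note text is constructed for this example (only the two URLs and the readme path come from the report, the surrounding wording is assumed), and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample: a minimal stand-in for the dropped readme. The path and
# the two URLs are the values reported by the sandbox; the other lines are
# assumed filler, not the real note body.
SAMPLE_NOTE_PATH = r"C:\lqdsy55g-readme.txt"
SAMPLE_NOTE_TEXT = """Your files are encrypted and have the extension lqdsy55g.
To get your files back, open one of the following links:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/43E3E340647DF886
http://decryptor.cc/43E3E340647DF886
"""

# Sodinokibi names its note "<extension>-readme.txt" next to encrypted files.
NOTE_NAME_RE = re.compile(r"^(?P<ext>[A-Za-z0-9]+)-readme\.txt$", re.IGNORECASE)
# v3 onion addresses are 56 base32 characters; the victim ID is 16 hex digits.
ONION_URL_RE = re.compile(r"https?://[a-z2-7]{56}\.onion/(?P<id>[0-9A-Fa-f]{16})")
CLEARNET_URL_RE = re.compile(r"https?://decryptor\.cc/(?P<id>[0-9A-Fa-f]{16})")


@dataclass
class SodinokibiConfig:
    note_path: str
    extension: Optional[str]
    onion_url: Optional[str]
    clearnet_url: Optional[str]
    victim_id: Optional[str]
    # False when the onion and clearnet URLs carry different IDs, which would
    # indicate a tampered or mixed-up note rather than a clean extraction.
    id_consistent: bool


def extract_config(note_path: str, note_text: str) -> SodinokibiConfig:
    """Parse a Sodinokibi readme into its extension, URLs and victim ID."""
    name = PureWindowsPath(note_path).name
    m = NOTE_NAME_RE.match(name)
    extension = m.group("ext") if m else None

    onion = ONION_URL_RE.search(note_text)
    clear = CLEARNET_URL_RE.search(note_text)
    ids = {x.group("id").upper() for x in (onion, clear) if x}

    return SodinokibiConfig(
        note_path=note_path,
        extension=extension,
        onion_url=onion.group(0) if onion else None,
        clearnet_url=clear.group(0) if clear else None,
        victim_id=next(iter(ids)) if len(ids) == 1 else None,
        id_consistent=len(ids) <= 1,
    )


def iocs(cfg: SodinokibiConfig) -> dict:
    """Flatten a parsed config into the indicators a hunt would key on."""
    return {
        "note_path": cfg.note_path,
        "extension": cfg.extension,
        "urls": [u for u in (cfg.onion_url, cfg.clearnet_url) if u],
        "victim_id": cfg.victim_id,
    }


if __name__ == "__main__":
    cfg = extract_config(SAMPLE_NOTE_PATH, SAMPLE_NOTE_TEXT)
    print(iocs(cfg))
```

The victim ID is the per-infection key the operators use on their portal, so it is the value to carry into a case file; a note whose two URLs disagree on that ID should be treated as suspect rather than silently reported.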
Targets
Target: GxdgNtfB.bat
Size: 192B
MD5: d40190448142e92524fc41e756e185b6
SHA1: 399ead1022291c86a66bf5bfcf1e7229287b5721
SHA256: 7d300da6df98325755580525ea2039cd8d4c9420557fb992d83440840bdcbd25
SHA512: 90361f11344ac7acbb897c55ffeddbc8695130c75e05b909bd72652f024416ffe8fc7f1040affa5dcf68f7e0c48958695ad85a928a323fb4bab671b4df5170b8
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry