General
Target: HtYRZhCc.bat
Size: 189B
Sample: 200301-5pr38vj7xs
MD5: d0eafb36abcfd1c15e9bef86bcf280b0
SHA1: c4c71e785acaa2543c8ff32db8dbbf49761b78dd
SHA256: 2f8423a9b51942cea3d3e71e185c4e5780a8dc51cfc5fc0d84d08ad9efe067a5
SHA512: f75e1a19ca43ab9fbb7e99cdebce8ceca51922258cff04724e811eecfee88a050b1c496580a498ecc845c67abf7ce14b37bf80c0f4fd9d5c300d4bff1b8c9cd5
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: HtYRZhCc.bat, Resource: win7v200217)
- Behavioral task: behavioral2 (Sample: HtYRZhCc.bat, Resource: win10v200217)
Malware Config
Extracted from: http://185.103.242.78/pastes/HtYRZhCc
Extracted from: C:\i928ld15m9-readme.txt
Family: sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9180D364F1EFBA80
- http://decryptor.cc/9180D364F1EFBA80
Targets
Target: HtYRZhCc.bat (189B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry