General
- Target: Y3Jy2jds.bat
- Size: 198B
- Sample: 200303-rzh5zc64ds
- MD5: 8b67c908fe9a32e3673e14da0303625e
- SHA1: a9c21d20b5847e81b372f00b0147b6cbabcfb143
- SHA256: 1dfa60cb96d3c4ed546f6106ab753fddd1c91516a748a7992b4aa3139531e2dc
- SHA512: ec6df17d0937af862574c904802b467284695421f411846032aec4c3fdd703b40f1eeb9498456c0242f588052f5db19f384ac6eeb4555f6d2d01fec6365f6e9e

Static task: static1

Behavioral task: behavioral1
- Sample: Y3Jy2jds.bat
- Resource: win7v200217

Behavioral task: behavioral2
- Sample: Y3Jy2jds.bat
- Resource: win10v200217

Malware Config
- Extracted: http://185.103.242.78/pastes/Y3Jy2jds
- Extracted: C:\fm7ii564o-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AACE83050253A540
  http://decryptor.cc/AACE83050253A540
Targets
- Target: Y3Jy2jds.bat
- Size: 198B
- MD5: 8b67c908fe9a32e3673e14da0303625e
- SHA1: a9c21d20b5847e81b372f00b0147b6cbabcfb143
- SHA256: 1dfa60cb96d3c4ed546f6106ab753fddd1c91516a748a7992b4aa3139531e2dc
- SHA512: ec6df17d0937af862574c904802b467284695421f411846032aec4c3fdd703b40f1eeb9498456c0242f588052f5db19f384ac6eeb4555f6d2d01fec6365f6e9e

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry