General
Target: UJvbivju.bat
Size: 189B
Sample: 200304-2xxdgala6n
MD5: 30e9f006bd27f61b87649fb861b70525
SHA1: 602c170aa87ed68a7c5f68f15a162bdbd51dfc1f
SHA256: c27c8d9ea31e707420a5f77581ead62b943e9195989ff1d5df30d0ecafefe2e6
SHA512: f9c62d8bff196da519b3c336d079781f33cdd0123f910448d9b8be41b732b149dbbed44e1bdb58ebf67d914ae4ec0d376ac16688851ea6714a21cf638a6cd7ae
Static task: static1
Behavioral task: behavioral1 (Sample: UJvbivju.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: UJvbivju.bat, Resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/UJvbivju
Extracted: C:\7dx1t04r65-readme.txt
Family: sodinokibi
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F6228642C93D0AF2
URL: http://decryptor.cc/F6228642C93D0AF2
Targets
Target: UJvbivju.bat (size and hashes as listed under General)
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry