General
Target: pHGx3x5F.bat
Size: 189B
Sample: 200304-6dkn9nd3z6
MD5: f8f2d35ab2ca83ab301ef94c9ca2c356
SHA1: 9f417af220cfe9c60bad058d139354deb8022607
SHA256: c84e4db88d87029f006dc693c049288c87734e72eb1b2157011efcec833b5360
SHA512: f35a847580b31883ee57c5762c5805517739d6a2b3b4ea43697518577dddecd2f066fbcb2858d0859ac10d67280ae72bc25d5541a72b7f34469aadd3044378cc
Static task: static1
Behavioral task: behavioral1
  Sample: pHGx3x5F.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: pHGx3x5F.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/pHGx3x5F
Extracted: C:\j0h0s1fi18-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/88D096C283EA00EF
  http://decryptor.cc/88D096C283EA00EF
Targets
Target: pHGx3x5F.bat
Size: 189B
MD5: f8f2d35ab2ca83ab301ef94c9ca2c356
SHA1: 9f417af220cfe9c60bad058d139354deb8022607
SHA256: c84e4db88d87029f006dc693c049288c87734e72eb1b2157011efcec833b5360
SHA512: f35a847580b31883ee57c5762c5805517739d6a2b3b4ea43697518577dddecd2f066fbcb2858d0859ac10d67280ae72bc25d5541a72b7f34469aadd3044378cc
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry