General
Target: SRidfEeW.bat
Size: 197B
Sample: 200304-ja7ehzzpl6
MD5: a006bd666bc4f82f5ea1d674887611e6
SHA1: 95ce7a9aebfdf6c87270f5889fa808a3ee8b714b
SHA256: 81f5009b863a88f19955b83ad86d888a14e41894224116433e2dfc30b7e5a57b
SHA512: 1f3071ebc844493d9cd484f5e519d9dd53c2078ece43366c370286b53dd38b3ad2ffe2af05293dcd22a668052a07a24791e0f108c7213b0223305fe4ad57739a
Static task: static1
Behavioral task: behavioral1
  Sample: SRidfEeW.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: SRidfEeW.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/SRidfEeW
Extracted: C:\97jlx50n-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CF5DB5924344656E
  http://decryptor.cc/CF5DB5924344656E
Targets
Target: SRidfEeW.bat
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry