General
Target: fDVKq3XY.bat
Size: 196B
Sample: 200304-qqkm7ym462
MD5: 13c6ac3eb74ae1c015c9025f767dab56
SHA1: f10a803dbbac9109f416597bd51423a98ade9c62
SHA256: 8e692d3a906ba2636e93c6eae4acfb40d13459492e03008475defe021ff4db21
SHA512: d931c952a2ffe69502ccd2ec6aa597c7a7a1318aa9cd3bd48fb30fed5cb653fd333531302db3c1e77581e827e0104e63d313d2818a5bbc24d14047fa7c6882a7
Static task: static1
Behavioral task: behavioral1
  Sample: fDVKq3XY.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: fDVKq3XY.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/fDVKq3XY
Extracted: C:\ga69b470w-readme.txt
  Family: sodinokibi
  URLs:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/87AB8BB5B8B13D6D
  - http://decryptor.cc/87AB8BB5B8B13D6D
Targets
Target: fDVKq3XY.bat
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry