General
Target: zZUYwTzM.bat
Size: 197B
Sample: 200304-tte2njsszn
MD5: b04c3d250c987c8a4480e6b02daebe3e
SHA1: c007ba6498a2e7a33e17f95c2bdc7f8066292d09
SHA256: 5a1be616eab5c01a9145ed3b4d7887395fbb9185e1280cdab492d369a7b67929
SHA512: 511f6b7c909cae54126cf1db801fd24a75309837eac7f62ea4036cb9a08ec0b4a83be038e0dd2143e717d7d0f5fa8382b92397fd46c40b92e830444ec494a094
Static task: static1
Behavioral task: behavioral1
  Sample: zZUYwTzM.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: zZUYwTzM.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/zZUYwTzM
Extracted: C:\kxces24qg9-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F07990FF17E61AA9
- http://decryptor.cc/F07990FF17E61AA9
Targets
Target: zZUYwTzM.bat
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry