General
Target: 1Agr4GZR.bat
Size: 195B
Sample: 200305-4hv2v9fmln
MD5: d8f17b7d64fd968c76fbda7167c2bf8e
SHA1: f90525aef93a39c5d07aab4cd7c5e8a87bc91ffe
SHA256: 6bdb2e75595098a2c5dd9026ec2ac6d13fa279cd6d23217e7c0e28cc3318c708
SHA512: bfa55509af5be01bef540b299bf7737db0e69b7d811ec59412335f7be17e22d2fe1a4483d693e1daa4dc7f6538006669715b0718a5e78a7f750875c61cbb22d9
Static task: static1
Behavioral task: behavioral1 (sample 1Agr4GZR.bat, resource win7v200217)
Behavioral task: behavioral2 (sample 1Agr4GZR.bat, resource win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/1Agr4GZR
Extracted: C:\ep68q4s85-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F6228642C93D0AF2
http://decryptor.cc/F6228642C93D0AF2
Targets
Target: 1Agr4GZR.bat
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry