General
Target: 4HwraGxu.bat
Size: 196B
Sample: 200305-fgq6y16lzs
MD5: 94f125fc020eddcb4d532de46bae7e6f
SHA1: 9a82eeac0dde9462f567e745ffe97b821ee717d6
SHA256: ce85bc90b8156bbafb9f66b7673730dc456ac31b96a6b2a44a1e2905ed49dd16
SHA512: 51f5b3338698456e0d3c67d56dc18f534ba4ebda6bf1aa4f0cf2094431abca7d1aafa9df4ab6b9f76c47e45eb122b33088e5fefac658be80f2749f73fdf90ee4
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: 4HwraGxu.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: 4HwraGxu.bat, Resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/4HwraGxu
Extracted: C:\mp62m85-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5604F8BF38983AB7
- http://decryptor.cc/5604F8BF38983AB7
Targets
Target: 4HwraGxu.bat
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry