General
Target: 2fUqd8gw.bat
Size: 197B
Sample: 200305-h99jc7bjx2
MD5: bba13ab064fd650d7da536895d139ddf
SHA1: 9a69c367fd1c5d3447045ab97f18bd1a7090207d
SHA256: 3f7d93a5de4e099d800fe9f59e6a3b4bae526e405962e2f0208e18bc1b5cff91
SHA512: c9b129829953df9ed8e0a9834fc8bafc0259abe65dc7b185535a8550088d459cd25327b17035405c8b424a263df337cc1bd7ea03b13b4bf95b8a948051efc031
Static task: static1
Behavioral task: behavioral1 (Sample: 2fUqd8gw.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: 2fUqd8gw.bat, Resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/2fUqd8gw
Extracted: C:\h698434kz-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AACE83050253A540
http://decryptor.cc/AACE83050253A540
Targets
Target: 2fUqd8gw.bat
Size: 197B
MD5: bba13ab064fd650d7da536895d139ddf
SHA1: 9a69c367fd1c5d3447045ab97f18bd1a7090207d
SHA256: 3f7d93a5de4e099d800fe9f59e6a3b4bae526e405962e2f0208e18bc1b5cff91
SHA512: c9b129829953df9ed8e0a9834fc8bafc0259abe65dc7b185535a8550088d459cd25327b17035405c8b424a263df337cc1bd7ea03b13b4bf95b8a948051efc031
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry
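Added example, not part of the sandbox report or of the tooling that produced it: a Python script that turns the extracted config above into hunt logic and checks one of the listed behaviours. It derives the encrypted-file extension from the ransom note name, pulls the victim ID out of both decryptor URLs and confirms they agree, then runs the network indicators, the note-name pattern and the "Sets desktop wallpaper using registry" behaviour over a few constructed telemetry lines. The key=value proxy and Sysmon-style line format, the sample lines themselves, and the 8 to 32 uppercase-hex shape assumed for the victim ID are assumptions; the note-name pattern is written for the general `<extension>-readme.txt` form that Sodinokibi uses rather than only this sample's `h698434kz`.

```python
"""Hunt logic built from the indicators extracted in the report above.

Added example; not part of the sandbox report. Log format and sample lines
are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the report's "Malware Config / Extracted" section.
PASTE_URL = "http://185.103.242.78/pastes/2fUqd8gw"
NOTE_PATH = r"C:\h698434kz-readme.txt"
DECRYPTOR_URLS = (
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AACE83050253A540",
    "http://decryptor.cc/AACE83050253A540",
)

# Sodinokibi/REvil names its note "<extension>-readme.txt", where <extension> is
# the random suffix appended to encrypted files. Written for the general shape,
# not only this sample's h698434kz.
NOTE_RE = re.compile(r"(?:^|\\)([0-9a-z]{4,12})-readme\.txt$", re.IGNORECASE)

# Sysmon Event ID 13 (registry value set) on this value is how
# "Sets desktop wallpaper using registry" shows up in host telemetry.
WALLPAPER_VALUE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)

# Hostnames and URL path to match in proxy logs.
IOC_HOSTS = {urlparse(PASTE_URL).hostname} | {urlparse(u).hostname for u in DECRYPTOR_URLS}
IOC_PATHS = {urlparse(PASTE_URL).path}


def note_extension(path):
    """Encrypted-file extension implied by a ransom note filename, or None."""
    m = NOTE_RE.search(path)
    return m.group(1).lower() if m else None


def victim_id(url):
    """Victim ID is the last path segment of a decryptor URL.

    Assumption: 8 to 32 uppercase hex characters, as in this sample.
    """
    segment = urlparse(url).path.rstrip("/").rsplit("/", 1)[-1]
    return segment if re.fullmatch(r"[0-9A-F]{8,32}", segment) else None


def config_consistent(urls):
    """All decryptor URLs extracted from one note must carry the same victim ID."""
    ids = {victim_id(u) for u in urls}
    return len(ids) == 1 and None not in ids


def field(line, key):
    """Value of key=... in a key=value line; values may contain spaces."""
    m = re.search(r"(?:^|\s)" + re.escape(key) + r"=(.*?)(?=\s+\w+=|$)", line)
    return m.group(1) if m else None


def classify(line):
    """Reason string if the line matches one of the report's indicators, else None."""
    url = field(line, "url")
    if url:
        parsed = urlparse(url)
        if parsed.hostname in IOC_HOSTS or parsed.path in IOC_PATHS:
            return "network: request to extracted paste/decryptor infrastructure"
    target = field(line, "TargetFilename")
    ext = note_extension(target) if target else None
    if ext:
        return f"file: Sodinokibi-style ransom note dropped, extension {ext}"
    if field(line, "EventID") == "13" and WALLPAPER_VALUE.search(field(line, "TargetObject") or ""):
        return "registry: desktop wallpaper value set"
    return None


def scan(lines):
    """(line_number, reason) for every line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        reason = classify(line)
        if reason:
            hits.append((n, reason))
    return hits


# Constructed telemetry (not from the report): one proxy line and Sysmon-style
# events flattened to key=value text. Lines 1 to 3 should hit, 4 and 5 should not.
SAMPLE_LOG = [
    r"2020-03-05T10:01:02Z src=10.0.0.5 method=GET url=http://185.103.242.78/pastes/2fUqd8gw status=200",
    r"2020-03-05T10:01:09Z EventID=11 Image=C:\Windows\System32\cmd.exe TargetFilename=C:\h698434kz-readme.txt",
    r"2020-03-05T10:01:10Z EventID=13 Image=C:\Users\Public\svc.exe TargetObject=HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper Details=C:\Users\Public\note.bmp",
    r"2020-03-05T10:02:00Z src=10.0.0.5 method=GET url=http://www.example.com/index.html status=200",
    r"2020-03-05T10:02:05Z EventID=11 Image=C:\Windows\explorer.exe TargetFilename=C:\Users\bob\readme.txt",
]

if __name__ == "__main__":
    print("encrypted-file extension:", note_extension(NOTE_PATH))
    print("victim id:", victim_id(DECRYPTOR_URLS[1]),
          "consistent across URLs:", config_consistent(DECRYPTOR_URLS))
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The extension check matters for scoping an incident: every encrypted file on the host carries the same suffix as the note name, so `note_extension` gives the string to sweep file servers for, and a mismatch in `config_consistent` is a sign the note was tampered with or came from a different run. The wallpaper and network matches are low on their own (wallpaper changes are common) and are meant to be correlated with the note drop on the same host within the same minute.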