General
-
Target
6pYB8Xdr.bat
-
Size
189B
-
Sample
200306-4j3rx2by5e
-
MD5
adc4c486529632e46e26c2a27d5ddc96
-
SHA1
a5f4112bb2edb99a02cadb82a8de2100bf69a103
-
SHA256
d2f4f3c848cdde79b41cec10b15c3234bc45e5f5fcc3982846ac4788872c9b85
-
SHA512
8df8d6bbe3b2065c4de26aef438097d3a7b8ee7f47c96001cb86f41eeb2d7a154543af5fdcb9ab11c6b3a52de4b75f7163bc8f00d272b74b0632a37ed98c2d5f
Static task
static1
Behavioral task
behavioral1
Sample
6pYB8Xdr.bat
Resource
win7v200217
Behavioral task
behavioral2
Sample
6pYB8Xdr.bat
Resource
win10v200217
Malware Config
Extracted
http://185.103.242.78/pastes/6pYB8Xdr
Extracted
C:\d5584r59c9-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F1A1BCF7F0747E1B
http://decryptor.cc/F1A1BCF7F0747E1B
Targets
-
-
Target
6pYB8Xdr.bat
-
Size
189B
-
MD5
adc4c486529632e46e26c2a27d5ddc96
-
SHA1
a5f4112bb2edb99a02cadb82a8de2100bf69a103
-
SHA256
d2f4f3c848cdde79b41cec10b15c3234bc45e5f5fcc3982846ac4788872c9b85
-
SHA512
8df8d6bbe3b2065c4de26aef438097d3a7b8ee7f47c96001cb86f41eeb2d7a154543af5fdcb9ab11c6b3a52de4b75f7163bc8f00d272b74b0632a37ed98c2d5f
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Program crash
-
Discovering connected drives
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-