General

Target: yv3bZq0C.bat
Size: 192B
Sample: 200306-edbxlasfbs
MD5: 986293d617a3f38c055066d8971343fc
SHA1: 04a3044011926264954034bfeb463e7d9334018b
SHA256: 083231c01b3b9c859b9683303c6bc946c15210cda94df73f79350c94366fd859
SHA512: befebd114ce90e8db3d026c2775cf8be09a714b6c2548d3728e7e89a3d01f3a385a3516740e103e380e3c8fb95552fc20103d3745520464e6976c23d777dfc34
Tasks

Static task: static1
Behavioral task: behavioral1 (sample yv3bZq0C.bat, resource win7v200217)
Behavioral task: behavioral2 (sample yv3bZq0C.bat, resource win10v200217)
Malware Config

Extracted (URL fetched by the batch file): http://185.103.242.78/pastes/yv3bZq0C

Extracted (ransom note dropped by the payload)
Path: C:\w96xs84y4-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E4417BDFD428A681
- http://decryptor.cc/E4417BDFD428A681
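The extracted config above gives three URLs and a ransom-note path. The Python below is an added example, not part of this report or of any sandbox's own code: it normalizes those values into IOCs the way a triage script would, separating the stager download (a raw IP hosting the next stage) from the REvil payment portal (Tor) and its clearnet mirror, pulling the 16-character victim key out of the URL path, recovering the per-victim file extension from the readme file name, and checking that a file handed to the analyst actually matches the reported SHA256 before it is run anywhere. The classification rules (victim key = 16 uppercase hex characters in the path, note name = <extension>-readme.txt, stager = raw IP host) are heuristics derived from the values on this page, not a documented format; the bytes passed to verify_sample are the caller's, since the report does not include the batch file's contents.

```python
import hashlib
import re
from urllib.parse import urlparse

# Values copied from the report above. Nothing else about the sample is assumed.
EXTRACTED_URLS = [
    "http://185.103.242.78/pastes/yv3bZq0C",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E4417BDFD428A681",
    "http://decryptor.cc/E4417BDFD428A681",
]
RANSOM_NOTE_PATH = r"C:\w96xs84y4-readme.txt"
REPORTED_SHA256 = "083231c01b3b9c859b9683303c6bc946c15210cda94df73f79350c94366fd859"

# Heuristics (assumptions, see lead-in): the victim key is the whole URL path,
# 16 uppercase hex chars; the note is named <extension>-readme.txt.
KEY_RE = re.compile(r"^/([0-9A-F]{16})$")
NOTE_RE = re.compile(r"^[A-Za-z0-9]{3,12}-readme\.txt$", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def classify_url(url):
    """Return (kind, host, victim_key) for one URL from a Sodinokibi config."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    match = KEY_RE.match(parsed.path)
    key = match.group(1) if match else None
    if host.endswith(".onion"):
        kind = "tor_payment_portal"
    elif key is not None:
        kind = "clearnet_payment_mirror"   # decryptor.cc-style mirror of the Tor site
    elif IPV4_RE.match(host):
        kind = "stager_download"           # raw IP serving the next stage to the .bat
    else:
        kind = "other"
    return kind, host, key


def victim_extension(note_path):
    """Recover the extension appended to encrypted files from the note file name."""
    name = note_path.replace("\\", "/").rsplit("/", 1)[-1]
    if not NOTE_RE.match(name):
        return None
    return name[: name.lower().index("-readme.txt")]


def build_iocs(urls=EXTRACTED_URLS, note_path=RANSOM_NOTE_PATH):
    """Collect hosts, victim keys, stager URLs and the extension into one dict."""
    iocs = {
        "hosts": set(),
        "victim_keys": set(),
        "stagers": [],
        "extension": victim_extension(note_path),
    }
    for url in urls:
        kind, host, key = classify_url(url)
        iocs["hosts"].add(host)
        if key:
            iocs["victim_keys"].add(key)
        if kind == "stager_download":
            iocs["stagers"].append(url)
    # Every payment URL for one victim carries the same key; more than one key
    # means the config mixes victims or the parser matched something it should not.
    iocs["key_consistent"] = len(iocs["victim_keys"]) <= 1
    return iocs


def verify_sample(data, expected_sha256=REPORTED_SHA256):
    """True only if the bytes hash to the SHA256 the report lists for the sample."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


if __name__ == "__main__":
    for url in EXTRACTED_URLS:
        print(classify_url(url))
    print(build_iocs())
```

Run the block as a script to see the classification of each URL and the merged IOC set; verify_sample is meant to be called on the bytes of a sample pulled from the sandbox before detonation, so a mislabelled or truncated download is caught by the hash rather than by a surprise in the VM.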
Targets

Target: yv3bZq0C.bat (192B; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry