General
Target: x1Bvt0gq.bat
Size: 192B
Sample: 200309-1vytt543kx
MD5: dd1239e32d4fd55aae544bb15b09ea1f
SHA1: d4f32b49384a2337cbed07cfeebfa8e67e0802d4
SHA256: 715a6a90ff483fa2887f7e1f517e959d18854b52d8f7ed9b2c274e5b54a1c436
SHA512: 7a37249a47bfd25e8bd8c7c802cacdb5eb822b221e3a884599b49ab8798b0a9faf7ba98f34c14b7e7da39869f1bfcf452e482935ca502d77e829556921502646
Static task: static1
Behavioral task: behavioral1
  Sample: x1Bvt0gq.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: x1Bvt0gq.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/x1Bvt0gq
Extracted: C:\d4v9g-readme.txt
Family: sodinokibi
URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CBFE8E71CF258E78
  http://decryptor.cc/CBFE8E71CF258E78
Targets
Target: x1Bvt0gq.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry