General
Target: cprun25q.bat
Size: 191B
Sample: 200316-68zpatc48n
MD5: 933c2d6f2a9e95f8599e99854d455f7b
SHA1: 116e381213a8eaf45ddcdfe0244dac6be266c97b
SHA256: 45950a68862103c31265dcd6ae75237648ba61c0ee54b94073066f6e504196a7
SHA512: ad93f3b86bd7912322f410b802ee8fa0a1aac97f14b46779b709997d039b361dde35740aedead01f3b40fea1ae7798ede468639c83ba5e2724b7c674e3733d2e
Static task: static1
Behavioral task: behavioral1
  Sample: cprun25q.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: cprun25q.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/cprun25q
Extracted: C:\652wmldd-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AB72FEE4E2C58DDF
  http://decryptor.cc/AB72FEE4E2C58DDF
Targets
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry