General
Target: ePwu3qhG.bat
Size: 195B
Sample: 200316-7e71xq1b5a
MD5: aaa7b25a5b6939e0c9f77a1d8c141ff1
SHA1: 9a68e6ebd88ee65a64c80eabd25057e8b1f7a0c3
SHA256: d03a1ed079e497d770b0661e81fe675fe379107ec06f75ce916466d2026b9310
SHA512: bc6ac64ddfeeed68bb844d913716f47f951b488d2a509993e73202577b72b129d4c725baeb5fc5bf191c97a4cb8b90d319ed23b8c9056eeb9d9d5d34acd0976e
Static task: static1
Behavioral task: behavioral1 (Sample: ePwu3qhG.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: ePwu3qhG.bat, Resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/ePwu3qhG
Extracted from C:\v65g0-readme.txt (sodinokibi):
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D19FCC29AFE4E52C
    http://decryptor.cc/D19FCC29AFE4E52C
Targets
Target: ePwu3qhG.bat (195B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Program crash
Discovering connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry