General
- Target: 6L8WM1sF.bat
- Size: 191B
- Sample: 200316-awb4rj3lx2
- MD5: 90f85d22cc702211587eaf4f993a8b8b
- SHA1: d79be65ef949d358f494b7c543bab3664083e23e
- SHA256: e6632da29ef19eeac3e6c9e921096e7b1deb2555a860eda82e3e291a60282b4e
- SHA512: 6a76cca4a2c5a3acd35ef84a5b330666960432b1fab6d7ea225e973ec9c024ee95f5a8317fd54a7e63c6c23cf12fb97da73b2c1ac3fbc18b82530c55776e7ef5
Static task: static1
Behavioral task: behavioral1
- Sample: 6L8WM1sF.bat
- Resource: win7v200217
Behavioral task: behavioral2
- Sample: 6L8WM1sF.bat
- Resource: win10v200217
Malware Config
Extracted
- URL: http://185.103.242.78/pastes/6L8WM1sF
Extracted
- Path: C:\m7wl7-readme.txt
- Family: sodinokibi
- URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/1A4715021DD6730E
- URL: http://decryptor.cc/1A4715021DD6730E
Targets
- Family: Sodin, Sodinokibi, REvil
- Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Signatures:
  - Blacklisted process makes network request
  - Program crash
  - Discovering connected drives
  - Drops file in System32 directory
  - Modifies service
  - Sets desktop wallpaper using registry