General
- Target: bsJBkqPK.bat
- Size: 193B
- Sample: 200316-eb3gvrkpy2
- MD5: 99929ffc8e13387f5a71dd140dc6450b
- SHA1: 1bdbc579995fbb2a567d20294cc6004c7d4b8419
- SHA256: 205f308559944742c73835ecd74a524acfdb102c9fa1ff5635416d257c7493aa
- SHA512: 6c686c8b1d6ad362012f9dc2c35947e0f856d4e177c6d1403d4b47d0f48c0a5c1c4a96a69621301b7d2daf7706872dc83d53daa2edf1842972834bfdeb672602
Static task
- static1

Behavioral task
- behavioral1
  Sample: bsJBkqPK.bat
  Resource: win7v200217

Behavioral task
- behavioral2
  Sample: bsJBkqPK.bat
  Resource: win10v200217
Malware Config

Extracted
- Source: http://185.103.242.78/pastes/bsJBkqPK

Extracted
- Source: C:\0716t-readme.txt
- Family: sodinokibi
- URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0A9DDAF5424AC687
  http://decryptor.cc/0A9DDAF5424AC687

Both URLs from the ransom note end in the same 16-character identifier, 0A9DDAF5424AC687, the per-victim ID the payment site uses to look up this infection; the .onion address and decryptor.cc are the Tor and clearnet faces of that same site.
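The "Extracted" block above is the output of a config extractor run over the dropped note. Below is an added example of the same idea, written for this page rather than taken from the sandbox or from any REvil tooling: it pulls the .onion URL, the decryptor.cc URL and the victim ID out of note text, and flags a note whose two URLs disagree. The only material taken from the report is the two URLs; the surrounding note lines in SAMPLE_NOTE are constructed placeholders, the regexes are my own (accepting either a 56-character v3 or a 16-character v2 .onion host is an assumption, generalizing beyond the one address on the page), and the family label is attached whenever either URL pattern matches, mirroring the report's "sodinokibi" tag.

```python
"""Pull Sodinokibi/REvil ransom-note indicators out of note text.

Added example for this report; not the sandbox's extractor. Only the two
URL lines in SAMPLE_NOTE come from the report's Malware Config block; the
other lines are constructed placeholders, not the real note wording.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample note (assumption): only the two URL lines are taken from
# the report; the remaining lines are placeholder text.
SAMPLE_NOTE = """\
[placeholder: your files have been encrypted]
To get your decryptor, open one of these links:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0A9DDAF5424AC687
http://decryptor.cc/0A9DDAF5424AC687
"""

# .onion host (56-char v3 or 16-char v2 base32 label; assumption) followed by a
# 16-hex-digit victim ID as the path, as in the report's URL.
ONION_RE = re.compile(
    r"https?://([a-z2-7]{56}|[a-z2-7]{16})\.onion/([0-9A-Fa-f]{16})\b"
)
# Clearnet mirror of the same payment site, same ID scheme.
CLEARNET_RE = re.compile(r"https?://decryptor\.cc/([0-9A-Fa-f]{16})\b")


@dataclass
class NoteConfig:
    family: str                  # "sodinokibi" when either URL pattern is present
    onion_url: Optional[str]
    clearnet_url: Optional[str]
    victim_id: Optional[str]     # set only when every URL found carries the same ID
    consistent: bool             # False when the URLs disagree or nothing matched


def extract_config(note_text: str) -> NoteConfig:
    """Extract the payment URLs and victim ID; refuse to pick an ID if they differ."""
    onion = ONION_RE.search(note_text)
    clear = CLEARNET_RE.search(note_text)
    ids = {m.upper() for m in (onion.group(2) if onion else None,
                               clear.group(1) if clear else None) if m}
    consistent = len(ids) == 1
    return NoteConfig(
        family="sodinokibi" if (onion or clear) else "unknown",
        onion_url=onion.group(0) if onion else None,
        clearnet_url=clear.group(0) if clear else None,
        victim_id=ids.pop() if consistent else None,
        consistent=consistent,
    )


def load_and_extract(path: str) -> NoteConfig:
    """Read a dropped note (e.g. C:\\0716t-readme.txt) and extract its config."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return extract_config(fh.read())


if __name__ == "__main__":
    print(extract_config(SAMPLE_NOTE))
```

The consistency flag is the part worth keeping: if a note on disk carries two different IDs, either it was edited after the drop or it is a mixed sample, and the ID should not be recorded as an indicator without a second look.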
Targets

- Target: bsJBkqPK.bat
- Size: 193B
- MD5: 99929ffc8e13387f5a71dd140dc6450b
- SHA1: 1bdbc579995fbb2a567d20294cc6004c7d4b8419
- SHA256: 205f308559944742c73835ecd74a524acfdb102c9fa1ff5635416d257c7493aa
- SHA512: 6c686c8b1d6ad362012f9dc2c35947e0f856d4e177c6d1403d4b47d0f48c0a5c1c4a96a69621301b7d2daf7706872dc83d53daa2edf1842972834bfdeb672602

- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry