General
Target: a8PksJz5.bat
Size: 194B
Sample: 200316-hnb5gxylbj
MD5: 9faf63eac34cc3d9ea16d6b277604ac2
SHA1: 040adffa9f522a54705094c46bc8403ab8b1e276
SHA256: 7aa72aad79b276efddbc9b9e1ad3bd6e9ef8b9ff064d7648b023f25b888597ec
SHA512: 2face7a6c8a51c05c0f8f6783ea60ab62a9238f8422f99d43f536bae21f5677557b4dc4e5269fc2a2a55866b5d8f6adc5022dfb8c1dc1c2d53b7bea18b15a93d
Tasks
Static task: static1
Behavioral task: behavioral1 (sample a8PksJz5.bat, resource win7v200217)
Behavioral task: behavioral2 (sample a8PksJz5.bat, resource win10v200217)
Malware Config
Extracted: URL http://185.103.242.78/pastes/a8PksJz5
Extracted from C:\8l660278l7-readme.txt:
- Family: sodinokibi
- URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5DDFDFA1BB0B13ED
- URL: http://decryptor.cc/5DDFDFA1BB0B13ED
The Sodinokibi attribution and the two decryptor URLs come from the ransom note dropped at C:\8l660278l7-readme.txt during the behavioral runs, not from the 194-byte batch file itself; the paste URL is the only indicator recovered independently of that note. Both decryptor URLs carry the same path segment (5DDFDFA1BB0B13ED), which is the per-victim identifier to record when correlating notes across hosts.
Targets
Target: a8PksJz5.bat (194B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry
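The indicators above are the actionable output of this report: the file hashes, the paste URL, the two decryptor URLs with their shared victim ID, and the ransom note name C:\8l660278l7-readme.txt. The following is an added example, not part of the sandbox report, showing how a responder might turn them into an offline sweep: hash a file against the listed digests, walk a directory tree for notes following the `<tag>-readme.txt` naming the report shows, pulling the victim ID out of the decryptor.cc link, and flag proxy-log lines that reference the extracted URLs or hosts. The temp directory, the note body and the log lines are constructed here for the demo; the 4-12 character tag length in the note regex is an assumption generalised from the single name on the page.

```python
"""Added example (not from the report): offline IOC sweep for a8PksJz5.bat."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "9faf63eac34cc3d9ea16d6b277604ac2",
    "sha1": "040adffa9f522a54705094c46bc8403ab8b1e276",
    "sha256": "7aa72aad79b276efddbc9b9e1ad3bd6e9ef8b9ff064d7648b023f25b888597ec",
}
IOC_URLS = [
    "http://185.103.242.78/pastes/a8PksJz5",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5DDFDFA1BB0B13ED",
    "http://decryptor.cc/5DDFDFA1BB0B13ED",
]
IOC_HOSTS = {
    "185.103.242.78",
    "decryptor.cc",
    "aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion",
}

# The report's note is 8l660278l7-readme.txt. Match any short alphanumeric tag
# before "-readme.txt" (tag length 4-12 is an assumption, not from the report).
NOTE_RE = re.compile(r"^[0-9a-z]{4,12}-readme\.txt$", re.IGNORECASE)
# Victim ID is the 16-hex path segment of the decryptor.cc link.
KEY_RE = re.compile(r"decryptor\.cc/([0-9A-F]{16})")


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of a file, streamed in 64 KiB chunks."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def digests_match(digests):
    """True only if every listed hash agrees; one mismatch is a miss."""
    return all(digests.get(k) == v for k, v in IOC_HASHES.items())


def matches_sample(path):
    """Hash a file on disk and compare it against the report's digests."""
    return digests_match(hash_file(path))


def find_ransom_notes(root):
    """Walk root; return [(note path, victim ID or None)] for matching note names."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if NOTE_RE.match(name):
                p = Path(dirpath) / name
                m = KEY_RE.search(p.read_text(errors="replace"))
                hits.append((str(p), m.group(1) if m else None))
    return hits


def flag_log_lines(lines):
    """Return the log lines that mention an extracted URL or host."""
    return [
        line for line in lines
        if any(u in line for u in IOC_URLS) or any(h in line for h in IOC_HOSTS)
    ]


def demo():
    """Constructed inputs: a temp tree with one ransom note and one benign file,
    plus three constructed proxy-log lines of which the last two are IOC hits."""
    root = Path(tempfile.mkdtemp())
    (root / "docs").mkdir()
    note = root / "8l660278l7-readme.txt"
    note.write_text(  # constructed note body: only the two URLs from the report
        "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5DDFDFA1BB0B13ED\n"
        "http://decryptor.cc/5DDFDFA1BB0B13ED\n"
    )
    (root / "docs" / "readme.txt").write_text("ordinary readme, not a ransom note\n")
    log = [  # constructed proxy-log lines
        "10.0.0.5 GET http://example.com/index.html 200",
        "10.0.0.5 GET http://185.103.242.78/pastes/a8PksJz5 200",
        "10.0.0.7 CONNECT decryptor.cc:80 200",
    ]
    return {
        "notes": find_ransom_notes(root),
        "flagged": flag_log_lines(log),
        "note_is_sample": matches_sample(note),  # the note is not the .bat: False
    }


if __name__ == "__main__":
    print(demo())
```

The hash check requires all three digests to agree, so a file that collides on MD5 alone is still a miss; the note scan keys on the name pattern rather than the note text because the victim tag varies per infection while the `-readme.txt` suffix does not.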