General
Target: ydPBfFLN.bat
Size: 196B
Sample: 200317-che9s6l4ka
MD5: 50fdb1991ec03a3aa2a0e43f003b45fa
SHA1: fd5349455dc0e38995beffbb501656e0cb76b8f3
SHA256: 36b783132e9054391ec692f5470a2e2b0a9cdce7a09018477bb7eeefa7fc6739
SHA512: e7f5f38700f49162fae8c8f3a0ac9a06cac833321c2c39235f10c711c69de29dc9c4dca5806bd89810e1e2fcdbd3e0e3cd2a4e76ba2965baac703d7aeb0f1b82
Static task: static1
Behavioral task: behavioral1 (Sample: ydPBfFLN.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: ydPBfFLN.bat, Resource: win10v200217)

Malware Config
Extracted: http://185.103.242.78/pastes/ydPBfFLN
Extracted: C:\3m5a151n-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/68C81B5610D86BA9
  http://decryptor.cc/68C81B5610D86BA9
Targets
Target: ydPBfFLN.bat (Size: 196B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Sets desktop wallpaper using registry