General
Target: sGfuLFJL.bat
Size: 193B
Sample: 200317-xg2tekyhfe
MD5: 17c9f036750c9f73392ad5d300c77ef7
SHA1: e7f99574e7989564a222e10856daded5d49d5922
SHA256: ca270555bc105598de38c9103f8dd41470b6ea4ae35d5da3cfb75c27a7897204
SHA512: e5036da198a282c2ebdf7e0646d5aeeab5e28d20d7266b2cc7309569ab6770258a2f846a5f4470a03d07b63d16d3a0762f860aef106759ecf6be604e3df59d46
Static task: static1
Behavioral task: behavioral1
  Sample: sGfuLFJL.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: sGfuLFJL.bat
  Resource: win10v200217
Malware Config
Extracted
http://185.103.242.78/pastes/sGfuLFJL
Extracted
C:\pmo05x3-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F57C7E456F9BD1E1
http://decryptor.cc/F57C7E456F9BD1E1
Targets
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Sets desktop wallpaper using registry