General
Target: hgDyST1E.bat
Size: 190B
Sample: 200319-lh9cgsl3es
MD5: 4668239566a80d708fba74f1e0bddbbc
SHA1: 3bc18157625d1de63134344bcd94006c92e970c4
SHA256: 31580cbbd123c8272731678cb7c2297b6329b3f4512125568aeb7a6ae09ab294
SHA512: d95adf76f94b712e99a0be8286fad55472a12aa04c5288bc930961d003cf09bd83fbc26b19ab90ce60fd459b5efa3e0eadd36d5a710a62788efbe3ad6ce72947
Static task: static1
Behavioral task: behavioral1 (Sample: hgDyST1E.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: hgDyST1E.bat, Resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/hgDyST1E
Extracted: C:\ng4sm6-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/92B2766D8AA053E8
http://decryptor.cc/92B2766D8AA053E8
Targets
Target: hgDyST1E.bat
Size: 190B
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Program crash
Discovering connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry