General
Target: fdjnedGV.bat
Size: 192B
Sample: 200320-s4c7njtdc6
MD5: 8f7dffa5522df79e5b33140373b3d1af
SHA1: ce53fe47f145c69821fb62aded58cc7111b30354
SHA256: cb8dd0fea847727d0f111df73187d8f78b67479c9225cfc7c32860a915dd5832
SHA512: 699adbc5eed8f93f1e6c324c96379b5ed4da00a5c72df782854f5f0281d6d7c0c2350899b93570a4316b457a96d169aa8226c5199b5adf2c101fb8c0b4321c8c
Static task
static1

Behavioral task
behavioral1
Sample: fdjnedGV.bat
Resource: win7v200217

Behavioral task
behavioral2
Sample: fdjnedGV.bat
Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/fdjnedGV
Extracted: C:\5g997z561s-readme.txt (ransom note)
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2DBFECC82F6AF3F5
- http://decryptor.cc/2DBFECC82F6AF3F5
Targets
Target: fdjnedGV.bat
Size: 192B
MD5: 8f7dffa5522df79e5b33140373b3d1af
SHA1: ce53fe47f145c69821fb62aded58cc7111b30354
SHA256: cb8dd0fea847727d0f111df73187d8f78b67479c9225cfc7c32860a915dd5832
SHA512: 699adbc5eed8f93f1e6c324c96379b5ed4da00a5c72df782854f5f0281d6d7c0c2350899b93570a4316b457a96d169aa8226c5199b5adf2c101fb8c0b4321c8c
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry
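Added example, not part of the sandbox report: a small Python helper that turns the indicators above into offline checks a responder can run against a suspect file, a file listing, a recovered ransom note, or proxy records. It uses only values printed in the report (the four hashes, the 192-byte size, the paste URL, the two portal URLs and the ransom note path). Everything else is an assumption and marked as such in the code: that the token in front of "-readme.txt" is the extension appended to encrypted files, that the 16 hex digits at the end of the portal URLs are the victim identifier, that script hosts such as cmd.exe or powershell.exe are the "blacklisted" processes the signature refers to, and the constructed sample note text and event tuples used for the demonstration.

```python
import hashlib
import ntpath
import re

# Hashes the sandbox report records for fdjnedGV.bat (192 bytes).
REPORT_SIZE = 192
REPORT_HASHES = {
    "md5": "8f7dffa5522df79e5b33140373b3d1af",
    "sha1": "ce53fe47f145c69821fb62aded58cc7111b30354",
    "sha256": "cb8dd0fea847727d0f111df73187d8f78b67479c9225cfc7c32860a915dd5832",
    "sha512": "699adbc5eed8f93f1e6c324c96379b5ed4da00a5c72df782854f5f0281d6d7c0c"
              "2350899b93570a4316b457a96d169aa8226c5199b5adf2c101fb8c0b4321c8c",
}

# Network indicators taken from the Malware Config section.
REPORT_URLS = {
    "http://185.103.242.78/pastes/fdjnedGV",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2DBFECC82F6AF3F5",
    "http://decryptor.cc/2DBFECC82F6AF3F5",
}

# Ransom note seen in this run: C:\5g997z561s-readme.txt. The pattern below
# generalises it to "<token>-readme.txt". Assumption (not stated in the report):
# the token is the extension the ransomware appends to encrypted files.
RANSOM_NOTE_RE = re.compile(r"^(?P<token>[0-9a-z]+)-readme\.txt$", re.IGNORECASE)

# Both portal URLs in the report end in the same 16 hex digits. Assumption:
# that value is the per-victim identifier, which is what the regex captures.
PORTAL_KEY_RE = re.compile(
    r"https?://(?:[a-z0-9]+\.onion|decryptor\.cc)/(?P<key>[0-9A-F]{16})\b"
)

# Assumption: the "blacklisted process" signature refers to a script host
# making the request; these are the processes the check treats as suspicious.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample note text for the demonstration: only the two portal URLs
# come from the report; the surrounding wording is not the real note content.
SAMPLE_NOTE = (
    "constructed note body\n"
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2DBFECC82F6AF3F5\n"
    "http://decryptor.cc/2DBFECC82F6AF3F5\n"
)


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if size and every digest match, so a truncated or edited copy is rejected."""
    if len(data) != REPORT_SIZE:
        return False
    return hashes_of(data) == REPORT_HASHES


def find_ransom_notes(paths):
    """Return (path, token) for each path whose file name follows the note pattern."""
    found = []
    for path in paths:
        match = RANSOM_NOTE_RE.match(ntpath.basename(path))
        if match:
            found.append((path, match.group("token").lower()))
    return found


def extract_portal_keys(text: str) -> set:
    """Pull the victim identifier(s) out of recovered note text or browser history."""
    return {m.group("key") for m in PORTAL_KEY_RE.finditer(text)}


def flag_network_requests(events):
    """events: iterable of (process_name, url). Return requests to report URLs made by script hosts."""
    return [
        (proc, url)
        for proc, url in events
        if proc.lower() in SCRIPT_HOSTS and url in REPORT_URLS
    ]


if __name__ == "__main__":
    # Constructed inputs: a listing with one note, and two proxy records.
    print(find_ransom_notes([r"C:\5g997z561s-readme.txt", r"C:\Windows\System32\notepad.exe"]))
    print(extract_portal_keys(SAMPLE_NOTE))
    print(flag_network_requests([
        ("cmd.exe", "http://185.103.242.78/pastes/fdjnedGV"),
        ("chrome.exe", "http://185.103.242.78/pastes/fdjnedGV"),
    ]))
```

matches_report is deliberately strict: all four digests and the size must agree, so a sample that shares only the MD5 (or a re-saved copy with a trailing newline) is not reported as the same file. The token returned by find_ransom_notes is the value to search for as a file extension across the host if the assumption in the comment holds.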