General
Target: 9sqN4BDv.bat
Size: 192B
Sample: 200324-bdvg4c9eya
MD5: cc0b34e285a2bb5b9ab6cd4d0592c578
SHA1: 6aecda27a86b4d3b07cb48a9df62aa6939372b6b
SHA256: a13613d7952a7e6474f41c2fcf650bec3e50ee027145a402bba895ab8297b4f1
SHA512: e30461021be4fe4bb764cb8763e8c2da51c14d0dad429ac8daae5a7a14591949d3ee2be520eb32cdf423ff7e4bbb85d4927b2ac597591c6d1ace11d28c534447
Static task: static1
Behavioral task: behavioral1 (sample: 9sqN4BDv.bat, resource: win7v200217)
Behavioral task: behavioral2 (sample: 9sqN4BDv.bat, resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/9sqN4BDv
Extracted: C:\9vdg210-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6EEA68D9D46B398A
  http://decryptor.cc/6EEA68D9D46B398A
Targets
Target: 9sqN4BDv.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Sets desktop wallpaper using registry