General
-
Target
w7MPmXqT.bat
-
Size
196B
-
Sample
200324-d7qd4hh6f2
-
MD5
f27899524a4ad3e77954797a979ba0d8
-
SHA1
281223c4cf1338fa2f2ea469ea8e6f0246b5adb0
-
SHA256
359a07b1df7b142cfd37af0d9cdbc28ace2ca7ffc9bd778fde48bfa501a69d79
-
SHA512
2bf71ad0387cf7c0b48dca5dc95c403fa2bb7539e155505e8f740f5f991cbb4c266bf0bc790a16a4915f7c72bad871ac437f08c19ee918b2386086409a87e97d
Static task
static1
Behavioral task
behavioral1
Sample
w7MPmXqT.bat
Resource
win7v200217
Behavioral task
behavioral2
Sample
w7MPmXqT.bat
Resource
win10v200217
Malware Config
Extracted
http://185.103.242.78/pastes/w7MPmXqT
Extracted
C:\j9771lc704-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/1C7CA4BC41FD620E
http://decryptor.cc/1C7CA4BC41FD620E
Targets
-
-
Target
w7MPmXqT.bat
-
Size
196B
-
MD5
f27899524a4ad3e77954797a979ba0d8
-
SHA1
281223c4cf1338fa2f2ea469ea8e6f0246b5adb0
-
SHA256
359a07b1df7b142cfd37af0d9cdbc28ace2ca7ffc9bd778fde48bfa501a69d79
-
SHA512
2bf71ad0387cf7c0b48dca5dc95c403fa2bb7539e155505e8f740f5f991cbb4c266bf0bc790a16a4915f7c72bad871ac437f08c19ee918b2386086409a87e97d
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Program crash
-
Discovering connected drives
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-