General
Target: sPECbGga.bat
Size: 194B
Sample: 200325-bg9n5gpk6x
MD5: d94d07f2df93865d06f702c261adb86c
SHA1: 9ee4126797bb94f0395cca50216938d0e1c8d02b
SHA256: 9ad514765ac2d6d77c2e2a5d645c162006849ba95b1c3cbb40377c2ec9a229e2
SHA512: 1fa7ec3e2f2492fbdf85992aaee0db311410e627a2f63556facc24cd05efb08977ac14e7d06fee791f9dab9587f3b09b2333e03252fd6ecc1070c627365e4a14
Static task: static1
Behavioral task: behavioral1 (sample sPECbGga.bat, resource win7v200217)
Behavioral task: behavioral2 (sample sPECbGga.bat, resource win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/sPECbGga
Extracted: C:\1z17ud3-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D19E534FFA58C331
http://decryptor.cc/D19E534FFA58C331
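The configuration block above is the part of this report a responder reuses: the stage-one download URL the batch file reaches out to, the dropped note path, and the two payment-portal URLs that share one victim ID. The following script is an added example (not code from the sandbox or from this report) that parses those fields into a structured IOC set, separates the download URL from the portal URLs, pulls out the shared victim ID, and checks a local copy of the sample against every digest and the size the report lists. The input is the page's own values re-keyed as "Key: value" lines so the script runs offline; the ransom-note filename pattern (`<random extension>-readme.txt`, lowercase alphanumerics of assumed length 3 to 12) is an assumption, not something this page states.

```python
import hashlib
import re

# Constructed input: the fields from the report above, re-keyed as "Key: value"
# lines so the parser has something to run on offline. Values are the page's own.
REPORT_TEXT = """\
Target: sPECbGga.bat
Size: 194B
MD5: d94d07f2df93865d06f702c261adb86c
SHA1: 9ee4126797bb94f0395cca50216938d0e1c8d02b
SHA256: 9ad514765ac2d6d77c2e2a5d645c162006849ba95b1c3cbb40377c2ec9a229e2
SHA512: 1fa7ec3e2f2492fbdf85992aaee0db311410e627a2f63556facc24cd05efb08977ac14e7d06fee791f9dab9587f3b09b2333e03252fd6ecc1070c627365e4a14
Extracted: http://185.103.242.78/pastes/sPECbGga
Extracted: C:\\1z17ud3-readme.txt
Family: sodinokibi
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D19E534FFA58C331
URL: http://decryptor.cc/D19E534FFA58C331
"""

HASH_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Sodinokibi/REvil drops its note as "<random extension>-readme.txt"; the
# character set and the 3..12 length bound on the extension are assumptions.
NOTE_NAME_RE = re.compile(r"^[a-z0-9]{3,12}-readme\.txt$", re.IGNORECASE)
URL_RE = re.compile(r"^https?://\S+$")
PORTAL_MARKERS = (".onion/", "decryptor.cc/")


def parse_report(text):
    """Turn the key/value report lines into a structured IOC set, rejecting malformed digests."""
    iocs = {"target": None, "size": None, "hashes": {}, "urls": [], "paths": [], "family": None}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon only, so "C:\..." survives
        key, value = key.strip(), value.strip()
        if key in HASH_HEX_LEN:
            if len(value) != HASH_HEX_LEN[key] or not re.fullmatch(r"[0-9a-fA-F]+", value):
                raise ValueError(f"malformed {key} digest: {value}")
            iocs["hashes"][key] = value.lower()
        elif key in ("Extracted", "URL"):
            bucket = iocs["urls"] if URL_RE.match(value) else iocs["paths"]
            bucket.append(value)
        elif key == "Family":
            iocs["family"] = value
        elif key == "Target":
            iocs["target"] = value
        elif key == "Size":
            iocs["size"] = int(value.rstrip("Bb"))
    return iocs


def download_urls(iocs):
    """Stage-one fetch locations: every URL that is not a payment portal."""
    return [u for u in iocs["urls"] if not any(m in u for m in PORTAL_MARKERS)]


def victim_id(urls):
    """The path segment shared by the payment-portal URLs (the per-victim key ID)."""
    ids = {u.rstrip("/").rsplit("/", 1)[-1] for u in urls if any(m in u for m in PORTAL_MARKERS)}
    if len(ids) != 1:
        raise ValueError(f"expected exactly one victim ID across portal URLs, found {ids}")
    return ids.pop()


def is_ransom_note_name(path):
    """True if the basename of a Windows or POSIX path matches the assumed note pattern."""
    basename = path.rsplit("\\", 1)[-1].rsplit("/", 1)[-1]
    return bool(NOTE_NAME_RE.match(basename))


def digests(data):
    """All four digests the report lists, computed over a local blob."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data, iocs):
    """Per-algorithm match of a local blob against the report, plus the size check."""
    got = digests(data)
    result = {alg: got[alg] == want for alg, want in iocs["hashes"].items()}
    if iocs["size"] is not None:
        result["size"] = len(data) == iocs["size"]
    return result


if __name__ == "__main__":
    iocs = parse_report(REPORT_TEXT)
    print("family:", iocs["family"])
    print("stage-one download:", download_urls(iocs))
    print("victim ID:", victim_id(iocs["urls"]))
    print("ransom note paths:", [p for p in iocs["paths"] if is_ransom_note_name(p)])
    # Constructed stand-in for a local copy of the sample; with the real
    # sPECbGga.bat every entry should come back True.
    print("verification of an empty blob:", verify_sample(b"", iocs))
```

Feeding `verify_sample` the real 194-byte file is the check to run before trusting a hash-only match: a bare MD5 collision is cheap, but a sample that matches all four digests and the size is the one this report describes.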
Targets
Target: sPECbGga.bat
Size: 194B
MD5: d94d07f2df93865d06f702c261adb86c
SHA1: 9ee4126797bb94f0395cca50216938d0e1c8d02b
SHA256: 9ad514765ac2d6d77c2e2a5d645c162006849ba95b1c3cbb40377c2ec9a229e2
SHA512: 1fa7ec3e2f2492fbdf85992aaee0db311410e627a2f63556facc24cd05efb08977ac14e7d06fee791f9dab9587f3b09b2333e03252fd6ecc1070c627365e4a14
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry