General
Target: 3Nu9v5ZW.bat
Size: 195B
Sample: 200325-entpbzplce
MD5: eecd3a82bcdfa01935bc0d836b329a5b
SHA1: f26fe622fd6b58796dfb119d4d506758bb63f495
SHA256: ab52018e0d9d17dd67e02f4ce6525d4e846f14b36348aab1c7c837c0596ac433
SHA512: 0842c48d0be5286338d2eee0e7af3643851758cd6504b4f4689b19d4ecc82c714ac7aa3c22f457c3dbe42e391b734949bed000fdbf206b8124367ec6ab0ec474
Static task: static1
Behavioral task: behavioral1 (Sample: 3Nu9v5ZW.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: 3Nu9v5ZW.bat, Resource: win10v200217)
Malware Config
Extracted: http://185.103.242.78/pastes/3Nu9v5ZW
Extracted: C:\678l89-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/7E685D5578AF449D
http://decryptor.cc/7E685D5578AF449D
Targets
Target: 3Nu9v5ZW.bat
Size: 195B
- Sodin,Sodinokibi,REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry