General
Target: Dt35j2GH.bat
Size: 194B
Sample: 200325-gb2gywbjjn
MD5: 1d03256dd605ecc28c8d56afd64e6de1
SHA1: 16112901ee26827bf7fe72ce49405556b3b6ed3c
SHA256: c29bb05f17fa7ccd0468b3f9c2ecf1e1f2298cf15b7281c2f9de2396fcedaf4c
SHA512: 14f5dbfd28cd36ad309dff3b1714ba35a8e86e749e165860b9cdf0fb966813465eb153041fa34a6dbc4b5b85f69056433372beb52e80f97f3bb766b0da7a6cf5

Static task: static1

Behavioral task: behavioral1
Sample: Dt35j2GH.bat
Resource: win7v200217

Behavioral task: behavioral2
Sample: Dt35j2GH.bat
Resource: win10v200217

Malware Config
Extracted: http://185.103.242.78/pastes/Dt35j2GH
Extracted: C:\ozo9948-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F0B8CCFF63C65410
http://decryptor.cc/F0B8CCFF63C65410
Targets
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry