General
Target: Gwbr3aud.bat
Size: 189B
Sample: 200325-v2sv4vjxlj
MD5: bedcf382904ffd9d90787b2dd3ad81a2
SHA1: 56128ffdde214dd351e2f1c0be362a632d065aa7
SHA256: 051c9112f4294354c647723d8645889eaf36dc198a7e28fbe2f6e229da623a00
SHA512: e52d5ce4f80d49034e5429e2c0ebec13e8a9c10b467c3368b1042136f810098cb1ea4d238230c82082025c20c8f54ed69dcbe99df5048d03d95af103100a0a3b
Static task: static1
Behavioral task: behavioral1
  Sample: Gwbr3aud.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: Gwbr3aud.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/Gwbr3aud
Extracted: C:\q2p91h1cnh-readme.txt (sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5127E8D3A8777106
  http://decryptor.cc/5127E8D3A8777106
Targets
Target: Gwbr3aud.bat
Size: 189B
MD5: bedcf382904ffd9d90787b2dd3ad81a2
SHA1: 56128ffdde214dd351e2f1c0be362a632d065aa7
SHA256: 051c9112f4294354c647723d8645889eaf36dc198a7e28fbe2f6e229da623a00
SHA512: e52d5ce4f80d49034e5429e2c0ebec13e8a9c10b467c3368b1042136f810098cb1ea4d238230c82082025c20c8f54ed69dcbe99df5048d03d95af103100a0a3b
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Program crash
-
Discovering connected drives
-
Modifies service
-
Sets desktop wallpaper using registry
-