General
Target: geXd8EaG.bat
Size: 196B
Sample: 200328-esasbh427s
MD5: 69cce2af07c45a25f091e8f423a8e230
SHA1: 2ab0572b53be5b8b30ea3878dcf9e9993617a70e
SHA256: 0653d143ea2f1032fa55b66c84a2f4bb315e24c5433ad3f7c29454cfe260c700
SHA512: 6502a55457c73b865a8535599bdb9332b7220a8437d478a02efb33fb043afa2f531f0e4d45e8fbc21b06d31b6874357f087902636aa91d6fba11b7053e3958ad

Static task: static1

Behavioral task: behavioral1
Sample: geXd8EaG.bat
Resource: win7v200217

Behavioral task: behavioral2
Sample: geXd8EaG.bat
Resource: win10v200217

Malware Config
Extracted: http://185.103.242.78/pastes/geXd8EaG
Extracted: C:\y14b9666kf-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6D9B32461FE97EE8
http://decryptor.cc/6D9B32461FE97EE8

Targets
Target: geXd8EaG.bat
Size: 196B
MD5: 69cce2af07c45a25f091e8f423a8e230
SHA1: 2ab0572b53be5b8b30ea3878dcf9e9993617a70e
SHA256: 0653d143ea2f1032fa55b66c84a2f4bb315e24c5433ad3f7c29454cfe260c700
SHA512: 6502a55457c73b865a8535599bdb9332b7220a8437d478a02efb33fb043afa2f531f0e4d45e8fbc21b06d31b6874357f087902636aa91d6fba11b7053e3958ad

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry