General
- Target: v8d0sKF3.bat
- Size: 196B
- Sample: 200328-ka6nvr1n4n
- MD5: 263828586e92f4ce98203c704ffbf1c9
- SHA1: 75566486ea9fff4db3c56209a1c0f97cd13e91d2
- SHA256: 19ecdb4b6af666cfb113f1da46dbcbc3d1e8f85f007dbd15e4cdaf1651d86f7d
- SHA512: eb2c49e503895e55a544e0057be3c36c73329d94ef3e77cad07e225e84e11d1c3f3da2465ff59cc766787f5c68ce9905a9182ab3c2aad32467c6b344d89149cf
Static task
- static1
Behavioral task
- behavioral1: Sample v8d0sKF3.bat, Resource win7v200217
Behavioral task
- behavioral2: Sample v8d0sKF3.bat, Resource win10v200217
Malware Config
- Extracted: http://185.103.242.78/pastes/v8d0sKF3
- Extracted: C:\41i6h904wd-readme.txt (sodinokibi)
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A9F4ADBB72C89ACE
  - http://decryptor.cc/A9F4ADBB72C89ACE
Targets
- Target: v8d0sKF3.bat
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry