General
Target: dSNyAGjr.bat
Size: 194B
Sample: 200330-v1plzt7fdj
MD5: 3263a69061a96c5fcc6be2968f67726a
SHA1: b4ec7fe9de7a5954dfc95d69feb5525fef517657
SHA256: 2d0029cb80898c2b7f7e5c03e6d8fd8f171ffa2ed431a0f02c94b0209d93c2a6
SHA512: 5c67bbd136b0c48fcfd51e402751e3564dc3b1ba4c713697af9c896c2d6c61a825c66196e5b3bbbec3b76617d31ff8652a82239e90c5df35c7b794297c4441e4
Static task: static1
Behavioral task: behavioral1
  Sample: dSNyAGjr.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: dSNyAGjr.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/dSNyAGjr
Extracted: C:\ltp82mg-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/586CF4580BFA49CD
  http://decryptor.cc/586CF4580BFA49CD
Targets
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry