General
Target: mUNetnda.bat
Size: 190B
Sample: 200401-v44hyvqg1e
MD5: 8d47ed92c538cfd43a00b6489d8b4af4
SHA1: f5b96923c6ba26d2cc1b8d7931c713ced4c9a8b3
SHA256: fdb71ddc395ffaf887e8f74472c3d02d098a948b96eb4a022f8ab36d3232a507
SHA512: 18a320853db978eae913be9170806265455a882d72f2a853d4747623a6940240824c3ed952457fea512ec6d9ef3f7fd2b2f790dccf904c205594cf2e06eb4586
Static task: static1
Behavioral task: behavioral1
  Sample: mUNetnda.bat
  Resource: win7v200217
Behavioral task: behavioral2
  Sample: mUNetnda.bat
  Resource: win10v200217
Malware Config
Extracted: http://185.103.242.78/pastes/mUNetnda
Extracted: C:\y36kj7e8g6-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/1362AA18C9D26876
  http://decryptor.cc/1362AA18C9D26876
Targets
Target: mUNetnda.bat
Size: 190B
MD5: 8d47ed92c538cfd43a00b6489d8b4af4
SHA1: f5b96923c6ba26d2cc1b8d7931c713ced4c9a8b3
SHA256: fdb71ddc395ffaf887e8f74472c3d02d098a948b96eb4a022f8ab36d3232a507
SHA512: 18a320853db978eae913be9170806265455a882d72f2a853d4747623a6940240824c3ed952457fea512ec6d9ef3f7fd2b2f790dccf904c205594cf2e06eb4586
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry