General
Target: u3CD1fs9.bat
Size: 192B
Sample: 200418-wef9ejxn8j
MD5: 775b9f9c687e640c4e5a65c9512ef573
SHA1: 920bb3ec6c979520acefcb233670b18446ed09e9
SHA256: 97b4b68e56ffee83aa062e9f016df1f5c2e280b6df581deec97ced89667e8d1b
SHA512: e41e431075bf6869cfa5b1e90c267545f30bf7548fb91e7d729292b2a20b376553807ff45970250bf53e568cdc894e4482c77e82b98ac8c84403cd31d73b2a69
Static task: static1
Behavioral task: behavioral1
  Sample: u3CD1fs9.bat
  Resource: win7v200410
Behavioral task: behavioral2
  Sample: u3CD1fs9.bat
  Resource: win10v200410
Malware Config
Extracted: http://185.103.242.78/pastes/u3CD1fs9
Extracted: C:\609k8-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/03A8D9BCBC7CE987
  http://decryptor.cc/03A8D9BCBC7CE987
Targets
Target: u3CD1fs9.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry