General
Target: ugeUxUR2.bat
Size: 192B
Sample: 200419-qysg9t61bn
MD5: b32a8a9b873bddb42382092e73e27ef6
SHA1: b539fa06c5d88d392f9740b248b692cd129f46d6
SHA256: 05633aab23dbf5e891b0ab97f4a85b00be890dd17a96ed1a7caed9ebbbd27f04
SHA512: 62730a9ccfdf743b9b49e413d57e1fdd4edfe875070d11a5e5688be94e6dad964ef7f83e25fcaa1c39ffdee783ad49dcf7e53aa5eca300175ef2e32316413dbc
Static task: static1
Behavioral task: behavioral1
Sample: ugeUxUR2.bat
Resource: win7v200410
Behavioral task: behavioral2
Sample: ugeUxUR2.bat
Resource: win10v200410
Malware Config
Extracted: http://185.103.242.78/pastes/ugeUxUR2
Extracted: C:\35k679233-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0880BDF2560BC8CF
http://decryptor.cc/0880BDF2560BC8CF
Targets
Target: ugeUxUR2.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
Blacklisted process makes network request
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry