General
Target: wirUgNPj.bat
Size: 191B
Sample: 200422-e86sp37l9j
MD5: f7a60a2d1640b6b0f51659b777c8ebef
SHA1: e403d248ae0737522b78958e25288031339e47a8
SHA256: 9201c9eb223cfc445263367ec2c92319496cee67f257701ba6658934c70fc0d9
SHA512: c03dae3ee619d5f571445e25a06caa2e418357cf54bee48a801a227c9df24121cedead8ff9e32836f5f38195dfb4e2da64310ef61b3fe992edeb6e9139f7438d
Static task: static1
Behavioral task: behavioral1
Sample: wirUgNPj.bat
Resource: win7v200410
Behavioral task: behavioral2
Sample: wirUgNPj.bat
Resource: win10v200410
Malware Config
Extracted: http://185.103.242.78/pastes/wirUgNPj
Extracted: C:\c252lj7xk-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/36763A1B6DFEB689
http://decryptor.cc/36763A1B6DFEB689
Targets
Target: wirUgNPj.bat
Size: 191B
MD5: f7a60a2d1640b6b0f51659b777c8ebef
SHA1: e403d248ae0737522b78958e25288031339e47a8
SHA256: 9201c9eb223cfc445263367ec2c92319496cee67f257701ba6658934c70fc0d9
SHA512: c03dae3ee619d5f571445e25a06caa2e418357cf54bee48a801a227c9df24121cedead8ff9e32836f5f38195dfb4e2da64310ef61b3fe992edeb6e9139f7438d
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
Blacklisted process makes network request
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry