General
- Target: bRDkHdRf.bat
- Size: 189B
- Sample: 200422-f1t6l1kea2
- MD5: b0fdd8126abe00e3607bc60b33cfd211
- SHA1: 22fe9dfc70b79b53d6a958d30c42dd7640554e8d
- SHA256: 8508a74435256a2c8472db03d6c09f8ac0d60ded076803d1dc9e5bec75b162ac
- SHA512: cc6eab2d339081bce0d73366bda16a138f53f6ee31b0d39a23ffbe4dfb68511a8d0917092296706b8d9fba32d0aa0efea2d9c89b88baaa5f2b36fe426302514d
Static task: static1
Behavioral task: behavioral1
- Sample: bRDkHdRf.bat
- Resource: win7v200410
Behavioral task: behavioral2
- Sample: bRDkHdRf.bat
- Resource: win10v200410
Malware Config
Extracted
- http://185.103.242.78/pastes/bRDkHdRf
Extracted
- C:\ivx701a929-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FB14B9B4438547FC
- http://decryptor.cc/FB14B9B4438547FC
Targets
- Target: bRDkHdRf.bat
- Size: 189B
- MD5: b0fdd8126abe00e3607bc60b33cfd211
- SHA1: 22fe9dfc70b79b53d6a958d30c42dd7640554e8d
- SHA256: 8508a74435256a2c8472db03d6c09f8ac0d60ded076803d1dc9e5bec75b162ac
- SHA512: cc6eab2d339081bce0d73366bda16a138f53f6ee31b0d39a23ffbe4dfb68511a8d0917092296706b8d9fba32d0aa0efea2d9c89b88baaa5f2b36fe426302514d
- Sodin,Sodinokibi,REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry