General
Target: Me2v4MuS.bat
Size: 197B
Sample: 200422-rags5wb88x
MD5: 9fe4e52640dd89fd2bffd7679d5427c1
SHA1: cb782152f0425e231fc8a2e8efa34a0fb13b07a9
SHA256: 431072d009a13cdfad92609c787cd58680f40d778bb435bf6c6eb29edc7558a0
SHA512: f9507bfd78c53ec37cb98e3060f4f88ef6326493cc1dcd7c9248c71005495a3a5e97d0ef27a95ee79c3128ac7993e97483b1d2fbdffbabf627bab9386d7079be
Static task: static1
Behavioral task: behavioral1
Sample: Me2v4MuS.bat
Resource: win7v200410
Behavioral task: behavioral2
Sample: Me2v4MuS.bat
Resource: win10v200410
Malware Config
Extracted
http://185.103.242.78/pastes/Me2v4MuS
Extracted
C:\6n56wyp030-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F103D4F6A74E6F10
http://decryptor.cc/F103D4F6A74E6F10
Targets
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry