General
Target: 8PKf424V.bat
Size: 198B
Sample: 200422-ycbnv73xte
MD5: 24d6ca043665689608a14745e2f15c20
SHA1: 32b3a89c643355b33e87cd7317562ee28452825b
SHA256: ce2c6c231bac94908f739317192888044654566c577b76b2287b361e959fe896
SHA512: 301d586cb10a5b2bfc352dc66320ca9d57e6e5d15905ffbc46da6599b8462b4b789050ff43ef9f6367e9104527b6624acbf22e3aae4bfbc3689b685a2e4e12f6
Static task: static1
Behavioral task: behavioral1 (Sample: 8PKf424V.bat, Resource: win7v200410)
Behavioral task: behavioral2 (Sample: 8PKf424V.bat, Resource: win10v200410)
Malware Config
Extracted: http://185.103.242.78/pastes/8PKf424V
Extracted: C:\0l6s8-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FEAA27A87679DBF4
  http://decryptor.cc/FEAA27A87679DBF4
Targets
Target: 8PKf424V.bat (size and hashes as listed under General above)
Score: 10/10
Signatures:
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry