General
Target: Muz2mJiJ.bat
Size: 189B
Sample: 200430-5yryz7akqn
MD5: bb4861fd9b1cd958fbdd63202aaf58a1
SHA1: 2646649376f6f3d50a9c2c07e1cad41e7100c17c
SHA256: c3db21a3bdac87c8d424b99e8982e5ab86b8f648e7ec7c9268ea50621aa0c718
SHA512: c6813ea6762f16b446d053073ada0da7417e0160f265c9ed8244d6fd233b7c5c122ca9a5662076fd7afdc5644e0bd6d059cf3542142a5c3ff228574f41d909a8
Static task: static1
Behavioral task: behavioral1
  Sample: Muz2mJiJ.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: Muz2mJiJ.bat
  Resource: win10v200430
Malware Config
Extracted:
  http://185.103.242.78/pastes/Muz2mJiJ
Extracted:
  C:\sm4at8zor-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F69439FE956460C6
  http://decryptor.cc/F69439FE956460C6
Targets
Target: Muz2mJiJ.bat
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry