General
Target: Cjbh0M3S.bat
Size: 193B
Sample: 200430-mey4hts1zj
MD5: 5d7075d9a1018ed0ee80c0e92c3626cb
SHA1: b3ca818f726d96177859eb15d4871525383594bb
SHA256: 44fb52f56f3b557e8fd8346ecc5536ca63a3c88eac2ce4549565d9501795c91a
SHA512: bdd921b5de3eb45836fc4fc1cbb0efdec848a049c3d47d7646ed55927f7ac838480b266d5f361b1d0f99c530dffc4ba45e4962901a30432f1f8c1777bb9ac96c
Static task: static1
Behavioral task: behavioral1 (Sample: Cjbh0M3S.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: Cjbh0M3S.bat, Resource: win10v200430)
Malware Config
Extracted: http://185.103.242.78/pastes/Cjbh0M3S
Extracted: C:\a21g6-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/43AE3FBA7B121249
http://decryptor.cc/43AE3FBA7B121249
Targets
Target: Cjbh0M3S.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry