General
Target: zshXy28d.bat
Size: 195B
Sample: 200430-nyf45ecsvx
MD5: 57762b2ecee6c147a6514c848571ffb4
SHA1: 7e6a6f28a582d92bc3fc1827e7dfa4d78c587706
SHA256: a65c6e92ad4af6812ad2515353817627e6a22eeacec2e915c94eac829bba1a54
SHA512: f5b1a7faee05e3bce6ebeb259f48ce37d867632c622a13032af281b575b8efc7bd9fb507624fc33ef6ecccbf34482935f1e7ffb484d8fa698bf1c459ae097788
Static task: static1
Behavioral task: behavioral1
  Sample: zshXy28d.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: zshXy28d.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/zshXy28d
Extracted: C:\458sv775hy-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/90634376BBF9ECB9
http://decryptor.cc/90634376BBF9ECB9
Targets
Target: zshXy28d.bat
Size: 195B
MD5: 57762b2ecee6c147a6514c848571ffb4
SHA1: 7e6a6f28a582d92bc3fc1827e7dfa4d78c587706
SHA256: a65c6e92ad4af6812ad2515353817627e6a22eeacec2e915c94eac829bba1a54
SHA512: f5b1a7faee05e3bce6ebeb259f48ce37d867632c622a13032af281b575b8efc7bd9fb507624fc33ef6ecccbf34482935f1e7ffb484d8fa698bf1c459ae097788
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry