General

Target: 4tM71hqZ.bat
Size: 198B
Sample: 200501-2gph733pdx
MD5: b883baec628ab0b3bae209a8d1d0a339
SHA1: 79bbacc2b6ed81d4146b58f8a100fb83acba1e0c
SHA256: 4c2d46061923d9aec3c2a9788f4c17d1815adf849edfe6acc0a0343a5484b752
SHA512: 17cdc7879abe666c1893a5cf17d63ae9d22804a76c2d11a623a68118ac2ef0043c40ae6c2a8c558161bd180ab1d4bcd38342a88ae319fd57ecb7daf7b50d2735
Static task: static1

Behavioral task: behavioral1
  Sample: 4tM71hqZ.bat
  Resource: win7v200430

Behavioral task: behavioral2
  Sample: 4tM71hqZ.bat
  Resource: win10v200430
Malware Config

Extracted:
  http://185.103.242.78/pastes/4tM71hqZ

Extracted:
  Path: C:\39p89ngw-readme.txt
  Family: sodinokibi
  URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D8BD55EFC979DC01
    http://decryptor.cc/D8BD55EFC979DC01
Targets

Target: 4tM71hqZ.bat
Size: 198B
MD5: b883baec628ab0b3bae209a8d1d0a339
SHA1: 79bbacc2b6ed81d4146b58f8a100fb83acba1e0c
SHA256: 4c2d46061923d9aec3c2a9788f4c17d1815adf849edfe6acc0a0343a5484b752
SHA512: 17cdc7879abe666c1893a5cf17d63ae9d22804a76c2d11a623a68118ac2ef0043c40ae6c2a8c558161bd180ab1d4bcd38342a88ae319fd57ecb7daf7b50d2735

Signatures:
  Sodin, Sodinokibi, REvil
    Ransomware with advanced anti-analysis and privilege escalation functionality.
  Blacklisted process makes network request
  Enumerates connected drives
  Drops file in System32 directory
  Modifies service
  Sets desktop wallpaper using registry