General
Target: U00vnQbF.bat
Size: 191B
Sample: 200501-e1cgnnp89a
MD5: 2300705e455665cbeb1087bfc25c672c
SHA1: 737493862ea5a0c4de10f4e2fda82000c45e8779
SHA256: adba07f4a5d9a769b00d436a0e7c89777664b8cc17bd2515e951572fff8a634f
SHA512: 26864b6c938379a876018ffcb1c927ff9806cb5fdc93d2088cf59ef3b7487bf81952c9e843d9ae1b3f827f3ba43dc7acf4b2a974e9bbfc709d58215982399911
Static task: static1
Behavioral task: behavioral1
  Sample: U00vnQbF.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: U00vnQbF.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/U00vnQbF
Extracted: C:\28b86t67-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5C323C8674D79305
  http://decryptor.cc/5C323C8674D79305
Targets
Target: U00vnQbF.bat
Size: 191B
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry