General
Target: 46MBBJZz.bat
Size: 189B
Sample: 200501-fzhd6rkjka
MD5: c7b71aa9749be55225b17bbaf4b4b9a1
SHA1: ec46d8385341aa2152b70d834c898c5fd9c82284
SHA256: ca27de823967366e96e0623a33820b1713b1e19439c82d81fe6521e04da48dcb
SHA512: 3c0c57b1384957bcf30d3c079c6fc7c4a48be99a2148490e078eaa1809dd87d2e5f047f457cc8c9f2e6518f5ef8177d73f739c27076f45ec5deae04be4590e8d
Static task: static1
Behavioral task: behavioral1 (Sample: 46MBBJZz.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: 46MBBJZz.bat, Resource: win10v200430)
Malware Config
Extracted: http://185.103.242.78/pastes/46MBBJZz
Extracted: C:\12361-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8CCF28A78ADBB62E
http://decryptor.cc/8CCF28A78ADBB62E
Targets
Target: 46MBBJZz.bat (189B; hashes as listed under General)
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Enumerates connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry