General

Target: d9m2D1ds.bat
Size: 195B
Sample: 200502-frqqwqaqvj
MD5: 6e7b679050b6a217806403c4caeba81a
SHA1: 98883268db2d45bea8e55862916cc88253aef3ed
SHA256: cb1606e450c581937346e52cb3296fef1a6579bac3b8f21c20cb504b1d73fa95
SHA512: bc63deef825deaacfd533b60551b5b91ae5925463e3bd92aeccec6c043c4f841d1d660ea7f14071d7483fca0c2cb27b24c1608e2a3a147dfe02d93d1d340bc55
Static task: static1
Behavioral task: behavioral1 (sample d9m2D1ds.bat, resource win7v200430)
Behavioral task: behavioral2 (sample d9m2D1ds.bat, resource win10v200430)
Malware Config

Extracted: http://185.103.242.78/pastes/d9m2D1ds
Extracted: C:\52cpxh1-readme.txt (ransom note)
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3CC24F6FDDFCE86E
http://decryptor.cc/3CC24F6FDDFCE86E
Targets

Target: d9m2D1ds.bat
Size: 195B
MD5: 6e7b679050b6a217806403c4caeba81a
SHA1: 98883268db2d45bea8e55862916cc88253aef3ed
SHA256: cb1606e450c581937346e52cb3296fef1a6579bac3b8f21c20cb504b1d73fa95
SHA512: bc63deef825deaacfd533b60551b5b91ae5925463e3bd92aeccec6c043c4f841d1d660ea7f14071d7483fca0c2cb27b24c1608e2a3a147dfe02d93d1d340bc55
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry
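The indicators the sandbox extracted (the paste URL the .bat reaches out to, the ransom note path, the two ransom-note URLs sharing one victim ID) and the behavioural signatures above are the pieces a responder actually pivots on. The following is an added example, not part of the Triage report or of the sample, showing how to turn them into checks: verifying a file against the reported SHA256, pulling the appended extension out of a Sodinokibi-style `<ext>-readme.txt` note path, confirming that the .onion and decryptor.cc URLs carry the same victim key, and matching constructed host-telemetry events against the network, file and registry behaviour the report flags. The event format and the 5-10 character bound on the appended extension are assumptions made for the example; the registry location (HKCU\Control Panel\Desktop, value Wallpaper) is the standard wallpaper setting the "Sets desktop wallpaper using registry" signature refers to.

```python
"""IOC checks built from the Sodinokibi/REvil report above.

Added example; not code from the Triage report or from the sample.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the report.
REPORT_SHA256 = "cb1606e450c581937346e52cb3296fef1a6579bac3b8f21c20cb504b1d73fa95"
PAYLOAD_URL = "http://185.103.242.78/pastes/d9m2D1ds"
RANSOM_NOTE = r"C:\52cpxh1-readme.txt"
NOTE_URLS = [
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3CC24F6FDDFCE86E",
    "http://decryptor.cc/3CC24F6FDDFCE86E",
]

# Sodinokibi names its note <appended-extension>-readme.txt, where the
# extension is the random suffix also added to encrypted files. The 5-10
# character length bound is an assumption for this example.
NOTE_RE = re.compile(r"(?i)(?:^|[\\/])([a-z0-9]{5,10})-readme\.txt$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def hashes_match(data: bytes, expected_sha256: str = REPORT_SHA256) -> bool:
    """True if the bytes hash to the reported SHA256 (case-insensitive)."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


def note_extension(path: str):
    """Return the appended file extension encoded in a ransom-note path, or None."""
    m = NOTE_RE.search(path)
    return m.group(1) if m else None


def victim_key(urls):
    """Return the victim key shared by all note URLs, or None if they disagree.

    The key is the last path segment; every URL in a genuine note carries the
    same one, so a mismatch means the note was tampered with or mis-parsed.
    """
    keys = set()
    for u in urls:
        seg = urlparse(u).path.rstrip("/").rsplit("/", 1)[-1]
        if not HEX_RE.match(seg):
            return None
        keys.add(seg)
    return keys.pop() if len(keys) == 1 else None


def scan_events(events):
    """Match simplified telemetry events against the report's indicators.

    Returns a sorted list of (rule_name, event_index). The event schema
    (type/host/url/path/key/value) is an assumption made for this example.
    """
    hits = []
    payload_host = urlparse(PAYLOAD_URL).hostname
    for i, ev in enumerate(events):
        t = ev.get("type")
        if t == "network" and (ev.get("url") == PAYLOAD_URL or ev.get("host") == payload_host):
            hits.append(("payload_url", i))           # "Blacklisted process makes network request"
        elif t == "file_create" and note_extension(ev.get("path", "")):
            hits.append(("ransom_note", i))           # ransom note dropped
        elif (t == "registry"
              and ev.get("key", "").lower().endswith(r"control panel\desktop")
              and ev.get("value", "").lower() == "wallpaper"):
            hits.append(("wallpaper_registry", i))    # "Sets desktop wallpaper using registry"
    return sorted(hits)


# Constructed telemetry for illustration; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "network", "host": "185.103.242.78", "url": PAYLOAD_URL},
    {"type": "network", "host": "www.example.com", "url": "http://www.example.com/index.html"},
    {"type": "file_create", "path": r"C:\Users\user\Documents\notes.txt"},
    {"type": "file_create", "path": r"C:\Users\user\Desktop\52cpxh1-readme.txt"},
    {"type": "registry", "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper",
     "data": r"C:\Users\user\AppData\Local\Temp\wallpaper.bmp"},
]

if __name__ == "__main__":
    print("appended extension:", note_extension(RANSOM_NOTE))
    print("victim key:", victim_key(NOTE_URLS))
    for rule, idx in scan_events(SAMPLE_EVENTS):
        print(f"{rule:18} event[{idx}] {SAMPLE_EVENTS[idx]}")
```

Feed `hashes_match` the bytes of the file you actually have before trusting this report's verdict for it; the extension returned by `note_extension` is what to hunt for as a suffix on encrypted files across the estate, and `victim_key` is a quick sanity check that a recovered note belongs to one intrusion rather than being stitched together from several.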