General

Target: LVUCdSAS.bat
Size: 191B
Sample: 200503-kgeh8pk7v6
MD5: 4d0d0cde7b92c8b97f2729cb95f08d3a
SHA1: b77bbf7812e9295554ae54b2c35ef5304904f0f5
SHA256: b17a151185d86157579c7ecd1903ddfd186f78f1b49899efefda2e943a6b755e
SHA512: 5ab25f6b4ed8e39c876b939e28848546586c43d4349cd460dd9ed0948b495a000e8e237e0a67f8d14c6f23e88643eac89099c27169926106b91a1ab48bf7c706
Static task: static1

Behavioral task: behavioral1
Sample: LVUCdSAS.bat
Resource: win7v200430

Behavioral task: behavioral2
Sample: LVUCdSAS.bat
Resource: win10v200430
Malware Config

Extracted
URL: http://185.103.242.78/pastes/LVUCdSAS

Extracted
Path: C:\59t0ty8-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/099343EE9A6C9A82
http://decryptor.cc/099343EE9A6C9A82
Targets

Target: LVUCdSAS.bat
Size: 191B
MD5: 4d0d0cde7b92c8b97f2729cb95f08d3a
SHA1: b77bbf7812e9295554ae54b2c35ef5304904f0f5
SHA256: b17a151185d86157579c7ecd1903ddfd186f78f1b49899efefda2e943a6b755e
SHA512: 5ab25f6b4ed8e39c876b939e28848546586c43d4349cd460dd9ed0948b495a000e8e237e0a67f8d14c6f23e88643eac89099c27169926106b91a1ab48bf7c706
Score: 10/10

Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry
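As an added example (not part of the sandbox report and not code from the sample or its operators), the following Python script turns the indicators on this page into a local IOC sweep: it hashes every file under a directory against the report's MD5/SHA1/SHA256/SHA512 values, flags files whose name matches the ransom-note pattern, and scans text content for the paste URL and the two decryptor URLs from the extracted config. The hashes, URLs and note path are copied from the report; the directory layout, the planted sample files in `demo()` and the `<token>-readme.txt` filename regex (assumed from the single note path `C:\59t0ty8-readme.txt` seen in the sandbox) are assumptions made for the demonstration.

```python
"""IOC sweep built from this report's indicators.

Added example, not produced by the sandbox or the sample's authors. The hashes,
URLs and note path are copied from the report; everything else (directory
layout, sample files, the ransom-note filename pattern) is an assumption made
for the demonstration.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied from the General and Malware Config sections of the report.
KNOWN_HASHES = {
    "md5": "4d0d0cde7b92c8b97f2729cb95f08d3a",
    "sha1": "b77bbf7812e9295554ae54b2c35ef5304904f0f5",
    "sha256": "b17a151185d86157579c7ecd1903ddfd186f78f1b49899efefda2e943a6b755e",
    "sha512": "5ab25f6b4ed8e39c876b939e28848546586c43d4349cd460dd9ed0948b495a000e8e237e0a67f8d14c6f23e88643eac89099c27169926106b91a1ab48bf7c706",
}
KNOWN_URLS = {
    "http://185.103.242.78/pastes/LVUCdSAS",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/099343EE9A6C9A82",
    "http://decryptor.cc/099343EE9A6C9A82",
}
# The sandbox saw the note at C:\59t0ty8-readme.txt. Assumption: the prefix is
# a per-run random token, so the sweep matches any "<token>-readme.txt" rather
# than that one literal name.
NOTE_NAME_RE = re.compile(r"^[0-9a-z]{4,10}-readme\.txt$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def hash_file(path):
    """Compute all four digests in a single pass over the file."""
    digests = {name: hashlib.new(name) for name in KNOWN_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def check_file(path):
    """Return the IOC hits for one file as (kind, value) tuples; [] if clean."""
    path = Path(path)
    hits = []
    digests = hash_file(path)
    matched = [n for n in KNOWN_HASHES if digests[n] == KNOWN_HASHES[n]]
    if matched:
        hits.append(("hash", ",".join(matched)))
    if NOTE_NAME_RE.match(path.name):
        hits.append(("ransom_note_name", path.name))
    # Scan text content for the paste and decryptor URLs; undecodable bytes are
    # ignored so a binary file does not abort the sweep.
    for url in URL_RE.findall(path.read_text(errors="ignore")):
        if url in KNOWN_URLS:
            hits.append(("url", url))
    return hits


def sweep(root):
    """Map every file under root (path relative to root) to its hits."""
    root = Path(root)
    results = {}
    for p in root.rglob("*"):
        if p.is_file():
            hits = check_file(p)
            if hits:
                results[str(p.relative_to(root))] = hits
    return results


def demo():
    """Sweep a constructed directory: two planted IOC carriers and one clean file."""
    root = Path(tempfile.mkdtemp(prefix="sodinokibi_ioc_"))
    # Constructed note: the random prefix differs from the sandbox run and the
    # body carries only the two decryptor URLs from the report.
    (root / "k3f9ab2-readme.txt").write_text(
        "http://decryptor.cc/099343EE9A6C9A82\n"
        "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/099343EE9A6C9A82\n"
    )
    # Constructed stager lookalike referencing the paste URL (not the real .bat).
    (root / "stager.bat").write_text("echo http://185.103.242.78/pastes/LVUCdSAS\n")
    (root / "notes.txt").write_text("nothing to see here\n")
    return sweep(root)


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Run it as `python ioc_sweep.py` to see the planted hits; for a real sweep call `sweep("/mnt/evidence")` on a mounted image. A hash match is the only high-confidence hit; the note-name regex and URL matches are hunting leads that still need a look at the file, since the prefix pattern is inferred from one observed path.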