General
-
Target
TG4Rrn07.bat
-
Size
196B
-
Sample
200504-yx4z4ph4ys
-
MD5
36415cbe52b3dbeb2af9a30c6815a0c5
-
SHA1
25d0489eedaaaef75455ece1a89485cca32a0a9c
-
SHA256
ce54af523565e53dcd1273a581513a9fec0bdaef947c269bb4cc8b6b2d70c201
-
SHA512
de5b0ee7eae56f9d6992c512f6a090941da641f6a7eb17ce46d4d743856d08de53886a72cda6ca87cd678aca2fe15b018093b297a0f35016370b90754bb26500
Static task
static1
Behavioral task
behavioral1
Sample
TG4Rrn07.bat
Resource
win7v200430
Behavioral task
behavioral2
Sample
TG4Rrn07.bat
Resource
win10v200430
Malware Config
Extracted
http://185.103.242.78/pastes/TG4Rrn07
Extracted
C:\dc5v2ye0p9-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/038CBD1E4C6AA933
http://decryptor.cc/038CBD1E4C6AA933
Targets
-
-
Target
TG4Rrn07.bat
-
Size
196B
-
MD5
36415cbe52b3dbeb2af9a30c6815a0c5
-
SHA1
25d0489eedaaaef75455ece1a89485cca32a0a9c
-
SHA256
ce54af523565e53dcd1273a581513a9fec0bdaef947c269bb4cc8b6b2d70c201
-
SHA512
de5b0ee7eae56f9d6992c512f6a090941da641f6a7eb17ce46d4d743856d08de53886a72cda6ca87cd678aca2fe15b018093b297a0f35016370b90754bb26500
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-