General
Target: KTWmE3JA.bat
Size: 193B
Sample: 200505-4zplx3a3mn
MD5: 86e9084080fb1d5b8df7ce17b4205606
SHA1: ae45e41a8738289d0b7f5cd8d7bc5d2c5181cf63
SHA256: b26ba894edc0ffedb94ed655a6d2613a774ea645b6bde9f0536d6f75c6320a86
SHA512: 85ec46f47049528e367c95212fbc882e7d3f0968a612864b78a4f98fe0df774be9d2e8512f4eeb78a7cd8d3ac974967d7f8ba599b7baa7279155064a57a9996d
Static task: static1
Behavioral task: behavioral1 (Sample: KTWmE3JA.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: KTWmE3JA.bat, Resource: win10v200430)
Malware Config
Extracted: http://185.103.242.78/pastes/KTWmE3JA
Extracted: C:\134n6zob2o-readme.txt
Family: sodinokibi
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0F00BD47B1130DD8
URL: http://decryptor.cc/0F00BD47B1130DD8
Targets
Target: KTWmE3JA.bat (193B)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry