General
Target: JFh52PBG.bat
Size: 195B
Sample: 200505-9faf279hms
MD5: 27cfb7797118873eddaffa1b3dfa352a
SHA1: 04332f9742db8be098ffc355c45e223e2aac778c
SHA256: f18541c904b443f13026355bd0f39b9e380f708cbc6799da5de746e3fc980962
SHA512: 70584344af74c6ea7d80df5956c9fd95877a69e041053194949d30f84f327373d2a2b6328cbb03ef06e6b102736c49c09a77f8356c92530d7d13699f3f846ae5
Static task: static1
Behavioral task: behavioral1 (sample JFh52PBG.bat, resource win7v200430)
Behavioral task: behavioral2 (sample JFh52PBG.bat, resource win10v200430)
Malware Config
Extracted: http://185.103.242.78/pastes/JFh52PBG
Extracted: C:\krz0aw-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/DF44CE8B3125A7CA
- http://decryptor.cc/DF44CE8B3125A7CA
Targets
Target: JFh52PBG.bat
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry