General
Target: DnRWHnp4.bat
Size: 195 B
Sample: 200505-mfzh63aq5a
MD5: 94468061a94b1bdd17ebc1b6bbb3e47b
SHA1: b4a5680c8598467c4a916ba37d936606820449be
SHA256: 3e7bed4a943497b3c8a6874e6981a1f3b1799f14f9a4987829baea095fbba311
SHA512: 18a6e54cbec9c80d7a03c6af01b1fc538c5d245dad3ea2c48fb2faf3773008fa50e1db201d4246c6019b94717fa7959607d9b71271442b93e787a786e691c166
Static task: static1
Behavioral task: behavioral1
  Sample: DnRWHnp4.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: DnRWHnp4.bat
  Resource: win10v200430
Malware Config
Extracted
  URL: http://185.103.242.78/pastes/DnRWHnp4
Extracted
  Path: C:\4711165170-readme.txt
  Family: sodinokibi
  URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA170DC00071CC2E
  http://decryptor.cc/CA170DC00071CC2E
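The ransom-note path and the two portal URLs above can be turned into indicators mechanically. As an added example (not the sandbox's code and not anything taken from the sample itself), the Python below parses a constructed note body laid out like the Sodinokibi/REvil note, pulls out the victim key, the Tor and clearnet portals and the extension appended to encrypted files, checks that both portals carry the same key, derives the `<ext>-readme.txt` note name that matches C:\4711165170-readme.txt (the naming convention is assumed, not stated by the report), and reads the paste id out of the stage URL to show that the batch file is named after the paste it points at. The note text, the SAMPLE_NOTE/extract_iocs/paste_id names and the extension-based naming rule are mine; only the key, the URLs and the extension come from the report.

```python
import re
from urllib.parse import urlparse

# Constructed sample of a Sodinokibi/REvil-style ransom note. The wording is a
# short paraphrase of the family's usual note layout; the key, URLs and
# extension are the ones reported on this page. This is NOT the note body
# captured by the sandbox.
SAMPLE_NOTE = """---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it:
all files on your system has extension 4711165170.

[+] How to recover? [+]

Download and install Tor browser, then open:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA170DC00071CC2E

If Tor is blocked, use the secondary website:
http://decryptor.cc/CA170DC00071CC2E
"""

# Tor v3 host (56 base32 chars) followed by a 16-hex-digit victim key.
ONION_V3_RE = re.compile(r"https?://([a-z2-7]{56})\.onion/([0-9A-F]{16})", re.I)
# Clearnet mirror used by this family, same key as path.
CLEARNET_RE = re.compile(r"https?://decryptor\.cc/([0-9A-F]{16})", re.I)
# Extension appended to encrypted files, as announced in the note.
EXT_RE = re.compile(r"extension\s+([0-9a-z]{5,10})", re.I)


def extract_iocs(note_text: str) -> dict:
    """Return the portal host, victim key, clearnet URL and file extension
    found in a ransom-note body, plus whether both portals agree on the key."""
    onion = ONION_V3_RE.search(note_text)
    clear = CLEARNET_RE.search(note_text)
    ext = EXT_RE.search(note_text)
    key = None
    if onion:
        key = onion.group(2).upper()
    elif clear:
        key = clear.group(1).upper()
    return {
        "onion_host": f"{onion.group(1)}.onion" if onion else None,
        "victim_key": key,
        "clearnet_url": clear.group(0) if clear else None,
        "extension": ext.group(1) if ext else None,
        # Both portals should carry the same victim key; a mismatch means the
        # note was tampered with or the regexes picked up unrelated text.
        "consistent": bool(onion and clear
                           and onion.group(2).upper() == clear.group(1).upper()),
    }


def expected_note_name(ext: str) -> str:
    """Note file name derived from the extension (assumed convention:
    '<ext>-readme.txt', which matches C:\\4711165170-readme.txt here)."""
    return f"{ext}-readme.txt"


def paste_id(stage_url: str) -> str:
    """Last path segment of the paste URL listed under Malware Config."""
    return urlparse(stage_url).path.rstrip("/").rsplit("/", 1)[-1]


def sample_named_after_paste(sample_name: str, stage_url: str) -> bool:
    """True when the sample's file stem equals the paste id it references."""
    stem = sample_name.rsplit(".", 1)[0]
    return stem == paste_id(stage_url)


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_NOTE)
    for k, v in iocs.items():
        print(f"{k}: {v}")
    print("note name:", expected_note_name(iocs["extension"]))
    print("named after paste:",
          sample_named_after_paste("DnRWHnp4.bat", "http://185.103.242.78/pastes/DnRWHnp4"))
```

The victim key in the path is the pivot worth keeping: the .onion host and decryptor.cc are shared across many Sodinokibi victims, while the key identifies this infection and lets you tie notes found on other hosts to the same run.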
Targets
Target: DnRWHnp4.bat (195 B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry
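Three of the four signatures above are visible in ordinary endpoint telemetry, and the dropped note path from Malware Config gives a fourth check. As an added example (not the sandbox's detection logic and not code from the sample), the Python below runs those checks over constructed Sysmon-style events: a script host (cmd.exe, powershell.exe, wscript.exe, cscript.exe or mshta.exe, my reading of "blacklisted process") making an outbound connection, a registry write to Control Panel\Desktop\Wallpaper, a registry write under CurrentControlSet\Services, and a file create ending in "-readme.txt". Drive enumeration is an API-level behaviour that Sysmon does not record, so it is left out. The events, the process tree, the ExampleSvc service name and the SID are constructed; only the 185.103.242.78 address and the 4711165170-readme.txt name come from the report.

```python
import json
from collections import defaultdict

# Constructed Sysmon-style events (one JSON object per line) modelled on a
# batch stager followed by Sodinokibi. Not a capture from the sandbox run.
EVENTS = r"""
{"EventID": 1, "ProcessId": 1001, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c DnRWHnp4.bat"}
{"EventID": 1, "ProcessId": 1002, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "powershell.exe (constructed stager command)"}
{"EventID": 1, "ProcessId": 2000, "Image": "C:\\Program Files\\Browser\\browser.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "browser.exe"}
{"EventID": 3, "ProcessId": 2000, "Image": "C:\\Program Files\\Browser\\browser.exe", "DestinationIp": "198.51.100.10", "DestinationPort": 443}
{"EventID": 3, "ProcessId": 1002, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationIp": "185.103.242.78", "DestinationPort": 80}
{"EventID": 13, "ProcessId": 1002, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetObject": "HKU\\S-1-5-21-1000\\Control Panel\\Desktop\\Wallpaper", "Details": "C:\\Users\\Public\\wallpaper.bmp"}
{"EventID": 13, "ProcessId": 1002, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\ExampleSvc\\Start", "Details": "DWORD (0x00000004)"}
{"EventID": 11, "ProcessId": 1002, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\4711165170-readme.txt"}
"""

# Script hosts treated as "blacklisted" for the network-request rule (assumption).
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def load_events(jsonl: str) -> list:
    return [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]


def evaluate(events: list) -> dict:
    """Map each rule name to the sorted list of process ids that triggered it."""
    procs = {}                 # pid -> (image basename, parent image basename)
    hits = defaultdict(set)
    for ev in events:
        eid, pid = ev.get("EventID"), ev.get("ProcessId")
        if eid == 1:           # process create: remember image and parent
            procs[pid] = (_basename(ev["Image"]), _basename(ev.get("ParentImage", "")))
        elif eid == 3:         # network connection
            image, parent = procs.get(pid, (_basename(ev.get("Image", "")), ""))
            if image in SCRIPT_HOSTS or parent in SCRIPT_HOSTS:
                hits["blacklisted_process_network_request"].add(pid)
        elif eid == 13:        # registry value set
            target = ev.get("TargetObject", "").lower()
            if target.endswith("\\control panel\\desktop\\wallpaper"):
                hits["sets_wallpaper_via_registry"].add(pid)
            if "\\currentcontrolset\\services\\" in target:
                hits["modifies_service"].add(pid)
        elif eid == 11:        # file create
            if _basename(ev.get("TargetFilename", "")).endswith("-readme.txt"):
                hits["drops_ransom_note"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for rule, pids in evaluate(load_events(EVENTS)).items():
        print(f"{rule}: {pids}")
```

The browser process (pid 2000) makes a connection too but is not flagged, because neither it nor its parent is a script host; the rule keys on the process tree, not on the destination, so it still fires when the stager pulls from a paste site that has no reputation history.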