General
-
Target
5vdSy6qw.bat
-
Size
193B
-
Sample
200505-rna214hzhx
-
MD5
031ebf32ddffd201aadeb038ae3a4c5a
-
SHA1
3007f3c3cb507ef5f37dffb7f60bed5e320ffbb3
-
SHA256
2a6d148ce00d67fab5032507fb35d9b9aadf262f50241285499a9432995d56e3
-
SHA512
87dfa36b43b402c579dec4890f2208dd45adc6cea8d5e781b1d26505e85701229e491a3cc1b34eb9d823246703ee547a975156e53a5847625a16ffec85ed8a83
Static task
static1
Behavioral task
behavioral1
Sample
5vdSy6qw.bat
Resource
win7v200430
Behavioral task
behavioral2
Sample
5vdSy6qw.bat
Resource
win10v200430
Malware Config
Extracted
http://185.103.242.78/pastes/5vdSy6qw
Extracted
C:\68ydq-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EDC146CB8A1B7991
http://decryptor.cc/EDC146CB8A1B7991
Targets
-
-
Target
5vdSy6qw.bat
-
Size
193B
-
MD5
031ebf32ddffd201aadeb038ae3a4c5a
-
SHA1
3007f3c3cb507ef5f37dffb7f60bed5e320ffbb3
-
SHA256
2a6d148ce00d67fab5032507fb35d9b9aadf262f50241285499a9432995d56e3
-
SHA512
87dfa36b43b402c579dec4890f2208dd45adc6cea8d5e781b1d26505e85701229e491a3cc1b34eb9d823246703ee547a975156e53a5847625a16ffec85ed8a83
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Enumerates connected drives
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-