General

Target: d1877c68f3069baaba0945b8757673ec.bat
Size: 215B
Sample: 200515-2s67c4nc92
MD5: 817fbcf1b7178faa76c685ba5a0b743c
SHA1: 0cf6888a56236922870dd081c5dae021dce11edb
SHA256: a3a05267f69aea3e5267b4decce625bdb02f070329fa8026b9f188dbe2e6efa7
SHA512: 5b1ef7769d9ff3c1ebdf3214e6177091f479607ee15f43aed510467b71faccef67a7463658b8aebdd431bc1c942f2b4d6aa3c690974f0ed0b3cb34e36558b64a

Tasks

Static task: static1
Behavioral task: behavioral1 (sample d1877c68f3069baaba0945b8757673ec.bat, resource win7v200430)
Behavioral task: behavioral2 (sample d1877c68f3069baaba0945b8757673ec.bat, resource win10v200430)

Malware Config

Extracted (from the .bat): http://185.103.242.78/pastes/d1877c68f3069baaba0945b8757673ec
Extracted (from ransom note C:\t6l3ng3g4-readme.txt), family sodinokibi:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E617B63C1A7A8EC1
- http://decryptor.cc/E617B63C1A7A8EC1
Targets

Target: d1877c68f3069baaba0945b8757673ec.bat (215B; same file and hashes as listed under General)

Detected family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry