General

Target: d414776d8291887b69e7e08716350a94.bat
Size: 216B
Sample: 200515-3qx3a5pc7x
MD5: 44b1551634044bfd5c2101792984ab6a
SHA1: c1c890dd032188b9c1488e5cf4ff4f22d88b74e5
SHA256: d3acbb0ddca79d785f4a3c766cceeb94bc468b19bfa0ba495af8182fbd9c55a4
SHA512: faae8800cab7d6fa3470130c293609b65607156bcb9403ac83e9cd20a4dfeea2c689287b066320dd344415d189fe9d01f2a2913f1d51c008da36b18a62bbd677
Static task: static1

Behavioral task: behavioral1
Sample: d414776d8291887b69e7e08716350a94.bat
Resource: win7v200430

Behavioral task: behavioral2
Sample: d414776d8291887b69e7e08716350a94.bat
Resource: win10v200430
Malware Config

Extracted
URL: http://185.103.242.78/pastes/d414776d8291887b69e7e08716350a94

Extracted
Path: C:\3uxah42q-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5B9A722923F5083
http://decryptor.cc/B5B9A722923F5083
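The config block above is what the sandbox pulled out of the dropped ransom note: two payment-panel URLs (one .onion, one clearnet mirror) that both end in the same victim ID. The script below is an added example, not sandbox or Triage code, that reproduces that extraction step on a constructed note and checks an arbitrary file against the SHA256 from the report header. Only the two URLs, the ID B5B9A722923F5083 and the SHA256 come from the report; the note wording is invented, and the rule that a victim ID is the final path component made of 16 uppercase hex digits is an assumption generalised from that single ID.

```python
"""
IOC extraction for a Sodinokibi/REvil ransom note (added example, not the
sandbox's own extractor). Only the two panel URLs, the ID B5B9A722923F5083
and the reported SHA256 come from the report; everything else is constructed
or an assumption, as marked.
"""
import hashlib
import re
from urllib.parse import urlparse

# Constructed stand-in for C:\3uxah42q-readme.txt: the wording is invented,
# the two panel URLs are the ones the sandbox extracted.
SAMPLE_NOTE = """\
All of your files are encrypted.
To get instructions, open this page in the TOR browser (https://www.torproject.org/):
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5B9A722923F5083
If TOR is blocked, use the mirror:
http://decryptor.cc/B5B9A722923F5083
"""

# SHA256 of the .bat from the report header, used as the known-bad reference.
REPORTED_SHA256 = "d3acbb0ddca79d785f4a3c766cceeb94bc468b19bfa0ba495af8182fbd9c55a4"

URL_RE = re.compile(r"https?://[^\s\"'<>()]+")
# v2 (16-char) or v3 (56-char) hidden-service names.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")
# Assumption: the per-victim ID is the final path component, 16 uppercase hex digits.
KEY_ID_RE = re.compile(r"^[0-9A-F]{16}$")


def key_id_of(url):
    """Return the victim ID carried in the URL path, or None if there is none."""
    last = urlparse(url).path.rstrip("/").rsplit("/", 1)[-1]
    return last if KEY_ID_RE.match(last) else None


def extract_config(note_text):
    """Pull panel URLs and the victim ID out of ransom-note text.

    Returns the onion URLs, the clearnet mirrors, the distinct IDs seen, and
    whether every panel URL carries the same ID (the pattern in the report:
    the same ID on the .onion address and on decryptor.cc).
    """
    onion, clearnet, ids = [], [], set()
    for url in URL_RE.findall(note_text):
        url = url.rstrip(".,;:")  # drop punctuation that trails a URL in prose
        kid = key_id_of(url)
        if kid is None:
            continue  # e.g. the torproject.org link: not a panel URL
        ids.add(kid)
        host = urlparse(url).hostname or ""
        (onion if ONION_RE.match(host) else clearnet).append(url)
    return {
        "onion_urls": onion,
        "clearnet_urls": clearnet,
        "key_ids": sorted(ids),
        "consistent": len(ids) == 1,
    }


def digests(data):
    """MD5/SHA1/SHA256/SHA512 of a byte string, in the report's field order."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def is_reported_sample(data):
    """True if the bytes hash to the SHA256 the report lists for the .bat."""
    return digests(data)["sha256"] == REPORTED_SHA256


if __name__ == "__main__":
    for key, value in extract_config(SAMPLE_NOTE).items():
        print(f"{key}: {value}")
    # Constructed bytes, so this prints False; feed the real file to check a match.
    print("matches reported SHA256:", is_reported_sample(b"not the real sample"))
```

Run it against a real note by replacing SAMPLE_NOTE with the file contents; a `consistent` result of False (different IDs on the onion and mirror URLs) is worth a second look, since it usually means the note was edited or two notes were concatenated.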
Targets

Target: d414776d8291887b69e7e08716350a94.bat
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry