General

Target: b692cd395a2db4aacd53de584ee06ea0.bat
Size: 215B
Sample: 200515-db6zfbfhbe
MD5: 7b613efb2eb2240a79c12ff83b16d370
SHA1: c74e994acea6c088e0590c14a99ccada44dd7c12
SHA256: ace21c38bbf5a81a0646d2f3d272bf7b43c84e248c3524bdcbb855c8594a0d6e
SHA512: 7242a8a1d96558ffbc16b91b9a1dbd25a60396da43c9d46b0a57eecceee262bdde40cd44c507a122ee9567882de40c1c75514048b241e62181c0e5a67ea72024

Static task: static1
Behavioral task: behavioral1 (sample b692cd395a2db4aacd53de584ee06ea0.bat, resource win7v200430)
Behavioral task: behavioral2 (sample b692cd395a2db4aacd53de584ee06ea0.bat, resource win10v200430)

Malware Config

Extracted:
  URL: http://185.103.242.78/pastes/b692cd395a2db4aacd53de584ee06ea0

Extracted:
  Path: C:\58f8ai-readme.txt
  Family: sodinokibi
  URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5BF4A84C842F97B
    http://decryptor.cc/B5BF4A84C842F97B

Targets

Target: b692cd395a2db4aacd53de584ee06ea0.bat
Size: 215B
MD5: 7b613efb2eb2240a79c12ff83b16d370
SHA1: c74e994acea6c088e0590c14a99ccada44dd7c12
SHA256: ace21c38bbf5a81a0646d2f3d272bf7b43c84e248c3524bdcbb855c8594a0d6e
SHA512: 7242a8a1d96558ffbc16b91b9a1dbd25a60396da43c9d46b0a57eecceee262bdde40cd44c507a122ee9567882de40c1c75514048b241e62181c0e5a67ea72024

Signatures:
Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Enumerates connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry
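The following is an added example, not part of the sandbox report and not code from the analysed sample, showing how a responder would turn the indicators above into a reusable check: the four hashes become a multi-algorithm match set, the extracted URLs are reduced to hosts for log searching, and the 16-hex-character path element shared by the two decryptor URLs is pulled out as the victim ID so both URLs can be confirmed to point at the same ID. The function names, the regex for the ID (derived only from the two URLs on this page), and the three log lines are assumptions constructed for the example; the 215-byte .bat itself is not reproduced here, so the hash matcher is exercised on constructed bytes.

```python
"""IOC helpers built from the Sodinokibi/REvil dropper report above (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicator values copied from the report.
REPORT_HASHES = {
    "md5": "7b613efb2eb2240a79c12ff83b16d370",
    "sha1": "c74e994acea6c088e0590c14a99ccada44dd7c12",
    "sha256": "ace21c38bbf5a81a0646d2f3d272bf7b43c84e248c3524bdcbb855c8594a0d6e",
    "sha512": "7242a8a1d96558ffbc16b91b9a1dbd25a60396da43c9d46b0a57eecceee262bdd"
              "e40cd44c507a122ee9567882de40c1c75514048b241e62181c0e5a67ea72024",
}
REPORT_URLS = [
    "http://185.103.242.78/pastes/b692cd395a2db4aacd53de584ee06ea0",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5BF4A84C842F97B",
    "http://decryptor.cc/B5BF4A84C842F97B",
]
RANSOM_NOTE = r"C:\58f8ai-readme.txt"


def hash_bytes(data: bytes) -> dict:
    """Compute every digest algorithm present in the IOC set for one blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_hashes(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Return the algorithms whose digest of `data` equals the reported value."""
    digests = hash_bytes(data)
    return [alg for alg, expected in iocs.items() if digests[alg] == expected.lower()]


def victim_id(url: str):
    """Extract the 16-hex-char path element of a decryptor URL (assumed format,
    taken from the two decryptor URLs in the report); None for other URLs."""
    m = re.fullmatch(r"/([0-9A-F]{16})", urlparse(url).path)
    return m.group(1) if m else None


def victim_ids(urls) -> set:
    """Set of distinct victim IDs across URLs; a single element means they agree."""
    return {vid for vid in (victim_id(u) for u in urls) if vid}


def extract_hosts(urls) -> list:
    """Hosts (IP, clearnet or .onion) to search for in proxy/DNS logs."""
    return sorted({urlparse(u).hostname for u in urls})


def scan_log(lines, urls=REPORT_URLS, note: str = RANSOM_NOTE) -> list:
    """Return log lines that reference a known host or the ransom-note path."""
    hosts = extract_hosts(urls)
    return [
        line for line in lines
        if note.lower() in line.lower() or any(h in line for h in hosts)
    ]


# Constructed sample log lines (hypothetical; not from the sandbox run).
SAMPLE_LOG = [
    "proxy GET http://185.103.242.78/pastes/b692cd395a2db4aacd53de584ee06ea0 HTTP/1.1",
    "proxy GET http://example.com/index.html HTTP/1.1",
    r"sysmon FileCreate TargetFilename: C:\58f8ai-readme.txt",
]

if __name__ == "__main__":
    print("hosts:", extract_hosts(REPORT_URLS))
    print("victim ids:", victim_ids(REPORT_URLS))
    print("hash match on constructed bytes:", match_hashes(b"@echo off\r\n"))
    for hit in scan_log(SAMPLE_LOG):
        print("hit:", hit)
```

Match on any one of the four digests is treated as a hit, which lets the same IOC set be applied to tooling that only records one algorithm (e.g. SHA1-only EDR events); a hit on a single algorithm should still be confirmed against the others before action.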