General
Target: 74b8e8ad8fe5aea82ec95a707e3c2b94.bat
Size: 214B
Sample: 200515-dlbh7xd7ge
MD5: 220dc0fc858c664ba5223cbab7e4b312
SHA1: 94f095bd648c7c3f4845e3c419b74baa7662f2ae
SHA256: 94d89a44ea5da3649df80f6898cb30415f2df92c0060d36d5f9afa3806862a2a
SHA512: 119c413acb39f51f4d668c5bc48793f60b91717e1623e22d666221c26e78cfa3667e7aa2141b26e15aa3936d86ba498ae280decd9889a77f8706459d0f295772
Static task: static1
Behavioral task: behavioral1
  Sample: 74b8e8ad8fe5aea82ec95a707e3c2b94.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: 74b8e8ad8fe5aea82ec95a707e3c2b94.bat
  Resource: win10v200430
Malware Config
Extracted
- http://185.103.242.78/pastes/74b8e8ad8fe5aea82ec95a707e3c2b94
Extracted
- C:\ysm83m-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CFB753AC85BE73BF
- http://decryptor.cc/CFB753AC85BE73BF
Targets
Target: 74b8e8ad8fe5aea82ec95a707e3c2b94.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service