General
- Target: c509aa5a7dfc8054aa7b969c9b18e245.bat
- Size: 221B
- Sample: 200515-hw581qzkd2
- MD5: 2f633c8f1954a6a34a856ca408955cc0
- SHA1: fcad0d04ed8366491a60c78bb0210502e2755f91
- SHA256: a1eabb8f6bb968611704695eecb919d4b989b4882ddc982fea9d14b1a2d43486
- SHA512: 1f5b2b75571fbbd329bf0c89c8d1789424aaddd8b942fdf7579a36fde344b881093022de34570cb3938b038e394ff2c42854cd6f20d493a896105f22b30f009c
Static task: static1
Behavioral task: behavioral1 (Sample: c509aa5a7dfc8054aa7b969c9b18e245.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: c509aa5a7dfc8054aa7b969c9b18e245.bat, Resource: win10v200430)
Malware Config
- Extracted: http://185.103.242.78/pastes/c509aa5a7dfc8054aa7b969c9b18e245
- Extracted from C:\p7wl3-readme.txt: sodinokibi
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E87379AD627A29CF
  - http://decryptor.cc/E87379AD627A29CF
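The extracted config above is only useful once it is turned into checks. The following is an added example, not code from the sandbox report: a small Python module that takes the report's IOCs (the first-stage paste URL, the sample SHA256, the note filename and the two payment URLs) and uses them to scan a proxy log and to recognise the per-victim ransom note name. The proxy-log line format, the hostnames in the sample lines, and the 5-10 character length assumed for the random note extension are assumptions made for the example, not facts from the report.

```python
"""Hunting helpers built from the config the sandbox extracted (added example).

Only the IOC constants below come from the report; the log shape, the sample
log lines and the note-extension length are assumptions made for this demo.
"""
import hashlib
import re
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# IOCs from the report: first-stage download URL, sample hash, REvil payment URLs.
STAGE1_URL = "http://185.103.242.78/pastes/c509aa5a7dfc8054aa7b969c9b18e245"
SAMPLE_SHA256 = "a1eabb8f6bb968611704695eecb919d4b989b4882ddc982fea9d14b1a2d43486"
PAYMENT_URLS = [
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E87379AD627A29CF",
    "http://decryptor.cc/E87379AD627A29CF",
]
WATCHED_HOSTS = {urlparse(u).hostname for u in [STAGE1_URL, *PAYMENT_URLS]}

# Both payment URLs end in the same 16-hex victim ID; key on that rather than the
# host, because the .onion/clearnet pair can change while the ID stays per victim.
VICTIM_KEY_RE = re.compile(r"/([0-9A-F]{16})$")
# The note seen here is "p7wl3-readme.txt"; the 5-10 char extension length is an assumption.
NOTE_NAME_RE = re.compile(r"(?i)(?:^|[\\/])([a-z0-9]{5,10})-readme\.txt$")


def victim_key(url_or_path: str) -> Optional[str]:
    """Return the 16-hex victim ID from a payment URL (or bare path), else None."""
    m = VICTIM_KEY_RE.search(urlparse(url_or_path).path)
    return m.group(1) if m else None


def note_extension(path: str) -> Optional[str]:
    """If path looks like a Sodinokibi '<ext>-readme.txt' note, return <ext>."""
    m = NOTE_NAME_RE.search(path)
    return m.group(1) if m else None


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """True when the bytes hash to the SHA256 listed in the report."""
    return sha256_hex(data) == SAMPLE_SHA256


def scan_proxy_log(lines: Iterable[str]) -> List[dict]:
    """Flag requests to the extracted hosts.

    Assumed log shape (constructed for this example):
    '<date> <time> <client> <method> <host> <path> <status>'
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # not a request line in the assumed shape
        client, host, path = fields[2], fields[4].lower(), fields[5]
        if host in WATCHED_HOSTS:
            hits.append({"line": n, "client": client, "host": host,
                         "path": path, "victim_key": victim_key(path)})
    return hits


# Constructed log lines for the demo; only the IOC hosts/paths come from the report.
SAMPLE_LOG = [
    "2020-05-15 10:02:11 10.0.0.12 GET 185.103.242.78 /pastes/c509aa5a7dfc8054aa7b969c9b18e245 200",
    "2020-05-15 10:02:40 10.0.0.12 GET www.example.com /index.html 200",
    "2020-05-15 10:05:03 10.0.0.12 GET decryptor.cc /E87379AD627A29CF 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(note_extension(r"C:\p7wl3-readme.txt"))
```

The first hit (the paste download from 185.103.242.78) is the one worth alerting on early: it is the stage-one fetch, so a client seen there has already run the batch file. A later request carrying the victim ID means the ransom note has been opened on that host.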
Targets
- Target: c509aa5a7dfc8054aa7b969c9b18e245.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry