General
Target: d4a380d12c8f386aeaa2ab8a1f33067f.bat
Size: 218B
Sample: 200515-n4729m3lkn
MD5: 67895090003d0e397d064545c799e1b7
SHA1: b1864fd30e1c39495ed72a9cdf4744446233cc4d
SHA256: 3c3e7899e6b30a6296d9e7e6a4c25ac2bdd7aa646176afbea2c2dc5198c2874e
SHA512: 3492801a8dda9940ad6fdc7d76d3bd876fa7bf0ed30a62b8113ae39f460eeb7d28ff3b1db77b8c9dc61880be1c2137c1c3e68be77f1f6101741e5054599458de
Static task: static1
Behavioral task: behavioral1
Sample: d4a380d12c8f386aeaa2ab8a1f33067f.bat
Resource: win7v200430
Behavioral task: behavioral2
Sample: d4a380d12c8f386aeaa2ab8a1f33067f.bat
Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/d4a380d12c8f386aeaa2ab8a1f33067f
Extracted: C:\m4s23m-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/48B8DFF1F3BFE3B2
http://decryptor.cc/48B8DFF1F3BFE3B2
Targets
Target: d4a380d12c8f386aeaa2ab8a1f33067f.bat
Size: 218B
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry