General

Target: 99360af9cc861d59bad7a24e0049269f.bat
Size: 222B
Sample: 200515-qb488gv7m6
MD5: 2ad8582ff0dcde1f8bd57ad18112a3ab
SHA1: 3fea34e4ccabf59c98ab20e4e1461db09d3a9c09
SHA256: 59b5acd22e28997947f8bf93c568b5825c9d053840f76ce881dd638080c3cec3
SHA512: f3c5e8611e68bba7567da0723c4236f95480b0962e729ca5741af44e87994afaa87b84e2d18c86aaa890301bb87972e1ec5812aae5b931e9b6e9068ab5b4c977
Static task: static1

Behavioral task: behavioral1
  Sample: 99360af9cc861d59bad7a24e0049269f.bat
  Resource: win7v200430

Behavioral task: behavioral2
  Sample: 99360af9cc861d59bad7a24e0049269f.bat
  Resource: win10v200430
Malware Config

Extracted: http://185.103.242.78/pastes/99360af9cc861d59bad7a24e0049269f

Extracted: C:\w4087hlo-read-me.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5A6DF13A92924BD8
  http://decryptor.cc/5A6DF13A92924BD8
Targets

Target: 99360af9cc861d59bad7a24e0049269f.bat
Size: 222B
MD5: 2ad8582ff0dcde1f8bd57ad18112a3ab
SHA1: 3fea34e4ccabf59c98ab20e4e1461db09d3a9c09
SHA256: 59b5acd22e28997947f8bf93c568b5825c9d053840f76ce881dd638080c3cec3
SHA512: f3c5e8611e68bba7567da0723c4236f95480b0962e729ca5741af44e87994afaa87b84e2d18c86aaa890301bb87972e1ec5812aae5b931e9b6e9068ab5b4c977

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry