General
Target: 55022f44a9c2dac0916e9db3842398df.bat
Size: 219B
Sample: 200515-qegrjvaydj
MD5: 07ea4461f7fc0758bb7fb455966df5d9
SHA1: 2df15ea78ad89a7816a69bab5656274115bed854
SHA256: dd540cd255b16f023dee940fffa52d054726d7f2c1c9aeaeafc4f594a3e2a5f1
SHA512: b0ea53a6359157114b09bddf227d1bfedcd7db302c356e99e1086b736fc003b6a2f40647a6feecf6f5642104bbf8e7b9a49668c29a5f1c0857fcf1538419414d
Static task: static1
Behavioral task: behavioral1
- Sample: 55022f44a9c2dac0916e9db3842398df.bat
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: 55022f44a9c2dac0916e9db3842398df.bat
- Resource: win10v200430
Malware Config
Extracted (network): http://185.103.242.78/pastes/55022f44a9c2dac0916e9db3842398df
Extracted (ransom note): C:\8hf7h555kv-readme.txt
- Family: sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A44A9E362E12D1C0
- http://decryptor.cc/A44A9E362E12D1C0
Targets
Target: 55022f44a9c2dac0916e9db3842398df.bat (219B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry