General
Target: 1f7cfad9c19adfc78abd3241e8f95952.bat
Size: 221B
Sample: 200515-vqd6eds3en
MD5: a53b25ea0b566a9f0420007a3d2244af
SHA1: eea1e4d5fa16beec4e8cc02e0310345271825017
SHA256: 91ab18506b352621e098b6e9f0466b7d7b89cd8c70219f71e31d1c689889433b
SHA512: 1afaad2d92aeee642b9a0802f772b18682942d48fd12eb3f1bf8a30afb3d34a6cf29f05b31c6ea4b12f1d9a1c30e3687ff5eb03b6abb58da8cf0d93d1c106b9e
Static task: static1
Behavioral task: behavioral1 (Sample: 1f7cfad9c19adfc78abd3241e8f95952.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: 1f7cfad9c19adfc78abd3241e8f95952.bat, Resource: win10v200430)
Malware Config
Extracted: http://185.103.242.78/pastes/1f7cfad9c19adfc78abd3241e8f95952
Extracted (Path: C:\xf62y6e8oc-readme.txt, Family: sodinokibi):
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/84386979D1DC97D2
- http://decryptor.cc/84386979D1DC97D2
Targets
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry