General

Target: b71c043af8f45374f5ca116e7598709d.bat
Size: 222B
Sample: 200518-r91nwt7ska
MD5: edd27812c2073dd84df03f0e332fba8a
SHA1: 7a5318c5bfd563fe7c2d8a3ca493961d37b5c076
SHA256: d32f80b58503753e6a98d745f346b8b3f7735a7785be75a43cb49086d96b92ab
SHA512: 51c15579a8aec27f543983d6e6543b828156b4ebd8fa7c53b3d4a6ca802f21e69603bd5fc1f3ecbddad1873c6796f291a6a898291509b5fb752f813c71dae7eb
Static task: static1

Behavioral task: behavioral1
Sample: b71c043af8f45374f5ca116e7598709d.bat
Resource: win7v200430

Behavioral task: behavioral2
Sample: b71c043af8f45374f5ca116e7598709d.bat
Resource: win10v200430
Malware Config

Extracted
URL: http://185.103.242.78/pastes/b71c043af8f45374f5ca116e7598709d

Extracted
Path: C:\gcw8z1-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B61E5FB60667EA5B
http://decryptor.cc/B61E5FB60667EA5B
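Added example (not part of this sandbox report and not tooling from the sandbox vendor): a Python helper that locates REvil/Sodinokibi-style ransom notes named like the extracted C:\gcw8z1-readme.txt, pulls the .onion URL and the decryptor.cc mirror out of them, and reports the victim key ID only when every URL in the note carries the same one, as the two URLs extracted here do. The note body is constructed; only the file name and the two URLs come from the report. The 5-10 character extension length and the `<ext>-readme.txt` naming are assumptions generalised from this single sample.

```python
"""Pull REvil/Sodinokibi IOCs out of dropped ransom notes.

Added example, not part of the sandbox report. Assumptions: the note is
named <extension>-readme.txt (as C:\\gcw8z1-readme.txt here) and carries one
.onion URL plus one decryptor.cc mirror, each ending in the victim key ID.
"""
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Iterator, List, Optional, Set

# Extension length 5-10 is an assumption based on this sample (gcw8z1).
NOTE_NAME_RE = re.compile(r"^(?P<ext>[a-z0-9]{5,10})-readme\.txt$", re.I)
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion/(?P<key>[0-9a-f]{8,32})", re.I)
CLEARNET_RE = re.compile(r"https?://decryptor\.cc/(?P<key>[0-9a-f]{8,32})", re.I)

# Constructed sample note (not the file the sandbox dropped); only the file
# name and the two URLs are taken from the report's extracted config.
SAMPLE_NOTE_NAME = "gcw8z1-readme.txt"
SAMPLE_NOTE = (
    "Your files are encrypted and now carry the extension gcw8z1.\n"
    "Tor: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B61E5FB60667EA5B\n"
    "Mirror: http://decryptor.cc/B61E5FB60667EA5B\n"
)


@dataclass
class NoteIOCs:
    note_path: str
    extension: Optional[str]
    onion_urls: List[str] = field(default_factory=list)
    clearnet_urls: List[str] = field(default_factory=list)

    @property
    def key_ids(self) -> Set[str]:
        """Every key ID seen in the note's URLs, upper-cased for comparison."""
        keys: Set[str] = set()
        for rx, urls in ((ONION_RE, self.onion_urls), (CLEARNET_RE, self.clearnet_urls)):
            for url in urls:
                m = rx.match(url)
                if m:
                    keys.add(m.group("key").upper())
        return keys

    def victim_key(self) -> Optional[str]:
        """Victim key ID, or None if the URLs disagree (tampered or mixed note)."""
        keys = self.key_ids
        return next(iter(keys)) if len(keys) == 1 else None


def note_extension(name: str) -> Optional[str]:
    """Extension the ransomware appended, derived from the note's file name."""
    m = NOTE_NAME_RE.match(name)
    return m.group("ext").lower() if m else None


def extract_iocs(note_path: str, text: str) -> NoteIOCs:
    # Split on either separator so Windows paths parse on a Linux analysis box.
    name = re.split(r"[\\/]", note_path)[-1]
    return NoteIOCs(
        note_path=note_path,
        extension=note_extension(name),
        onion_urls=sorted({m.group(0) for m in ONION_RE.finditer(text)}),
        clearnet_urls=sorted({m.group(0) for m in CLEARNET_RE.finditer(text)}),
    )


def find_notes(root: Path) -> Iterator[NoteIOCs]:
    """Walk a mounted image or share and parse every REvil-style note found."""
    for p in root.rglob("*-readme.txt"):
        if p.is_file() and note_extension(p.name):
            yield extract_iocs(str(p), p.read_text(errors="replace"))


def scan_constructed_sample() -> List[NoteIOCs]:
    """Drop the constructed note into a temp dir and run the scanner over it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, SAMPLE_NOTE_NAME).write_text(SAMPLE_NOTE)
        return list(find_notes(Path(tmp)))


if __name__ == "__main__":
    for iocs in scan_constructed_sample():
        print(iocs.note_path)
        print("  extension :", iocs.extension)
        print("  victim key:", iocs.victim_key())
        for url in iocs.onion_urls + iocs.clearnet_urls:
            print("  url       :", url)
```

Point `find_notes` at a mounted disk image or a file share and the extension it returns is what to hunt for across the estate; a note whose URLs disagree on the key ID is worth a second look rather than trusting either URL.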
Targets

Target: b71c043af8f45374f5ca116e7598709d.bat
Size: 222B
MD5: edd27812c2073dd84df03f0e332fba8a
SHA1: 7a5318c5bfd563fe7c2d8a3ca493961d37b5c076
SHA256: d32f80b58503753e6a98d745f346b8b3f7735a7785be75a43cb49086d96b92ab
SHA512: 51c15579a8aec27f543983d6e6543b828156b4ebd8fa7c53b3d4a6ca802f21e69603bd5fc1f3ecbddad1873c6796f291a6a898291509b5fb752f813c71dae7eb
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry