General
-
Target
b63535d35f9c9567c0746741d709d3ec.bat
-
Size
215B
-
Sample
200519-w2hsrnw3lx
-
MD5
af820466ba8a425cc2616229818a51cf
-
SHA1
9b8b46c04b3e16d6c6b98db7ed9423b2c7ba78bb
-
SHA256
1a887694ba9f6fda88acd9489627ab0c6aecb03059490ece4c94af2007d9867c
-
SHA512
eb7f0b0f20201774182cedd5df9a0d22be50128cac83341bccee3521d86cd8f029f2f921b54fd17da28ffc9be3eb579dcd12207be8abd4c109bc9148fe59b186
Static task
static1
Behavioral task
behavioral1
Sample
b63535d35f9c9567c0746741d709d3ec.bat
Resource
win7v200430
Behavioral task
behavioral2
Sample
b63535d35f9c9567c0746741d709d3ec.bat
Resource
win10v200430
Malware Config
Extracted
http://185.103.242.78/pastes/b63535d35f9c9567c0746741d709d3ec
Extracted
C:\03jxs-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5F471805E27ADD53
http://decryptor.cc/5F471805E27ADD53
Targets
-
-
Target
b63535d35f9c9567c0746741d709d3ec.bat
-
Size
215B
-
MD5
af820466ba8a425cc2616229818a51cf
-
SHA1
9b8b46c04b3e16d6c6b98db7ed9423b2c7ba78bb
-
SHA256
1a887694ba9f6fda88acd9489627ab0c6aecb03059490ece4c94af2007d9867c
-
SHA512
eb7f0b0f20201774182cedd5df9a0d22be50128cac83341bccee3521d86cd8f029f2f921b54fd17da28ffc9be3eb579dcd12207be8abd4c109bc9148fe59b186
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Enumerates connected drives
-
Modifies service
-
Sets desktop wallpaper using registry
-