General
  Target: 76268c9536af4328d6c0da30152c5045.bat
  Size: 215B
  Sample: 200520-1kdrewlwwj
  MD5: 572a573b2da48bc8e094db663f4d54cd
  SHA1: 3f06e7dc06fac49d4c675ad67cd2ba2113fb6d1e
  SHA256: 8f7ad3b1ae4a99516d4e47fa682097895f767f07cbaf4ac432636610ca16a237
  SHA512: d90c574c7012e4e58968023d625d18ccf5f713a2a9888e86bb10d692b5db6d9496cc0f3de1778ddfafebf64b5146ca625a58e09e2a939e7140cea9a00521b30d
Static task: static1

Behavioral task: behavioral1
  Sample: 76268c9536af4328d6c0da30152c5045.bat
  Resource: win7v200430

Behavioral task: behavioral2
  Sample: 76268c9536af4328d6c0da30152c5045.bat
  Resource: win10v200430
Malware Config
  Extracted:
    http://185.103.242.78/pastes/76268c9536af4328d6c0da30152c5045
  Extracted:
    Path: C:\4702c1-readme.txt
    Family: sodinokibi
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5B753BD63BD6B200
    http://decryptor.cc/5B753BD63BD6B200
Targets
  Target: 76268c9536af4328d6c0da30152c5045.bat (215B; MD5, SHA1, SHA256 and SHA512 as listed under General)
  Family: Sodin, Sodinokibi, REvil
  Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
  Signatures:
  - Blacklisted process makes network request
  - Enumerates connected drives
  - Drops file in System32 directory
  - Modifies service
  - Sets desktop wallpaper using registry