General
Target: a1ced45242d2149282fc0a7230280012.bat
Size: 217 B
Sample: 200520-fdr261gy8j
MD5: 41b00aedcf17cecfbeb6362ce3bcd14f
SHA1: c18a004d285abadf2b5840c9bb31c5cb9ae3a80c
SHA256: 33347fdae792b3a0eb66bd0476b6ddcfb4aa1334e8a0de8a7f0aa8b2d07daa50
SHA512: 1f0c5e210b4485ba274345201f4e5e5a5c30e5d217a347835ff2e759a8522f322d7428d33b9a529ad134930f9d65ccf642f8c84be93dc8cca8aeac40061ec455
Static task: static1
Behavioral task: behavioral1
  Sample: a1ced45242d2149282fc0a7230280012.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: a1ced45242d2149282fc0a7230280012.bat
  Resource: win10v200430
Malware Config
Extracted (URL): http://185.103.242.78/pastes/a1ced45242d2149282fc0a7230280012
Extracted (ransom note): C:\qyn76iw4-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/364473B984C95D99
  http://decryptor.cc/364473B984C95D99
Targets
Target: a1ced45242d2149282fc0a7230280012.bat
Size: 217 B
MD5: 41b00aedcf17cecfbeb6362ce3bcd14f
SHA1: c18a004d285abadf2b5840c9bb31c5cb9ae3a80c
SHA256: 33347fdae792b3a0eb66bd0476b6ddcfb4aa1334e8a0de8a7f0aa8b2d07daa50
SHA512: 1f0c5e210b4485ba274345201f4e5e5a5c30e5d217a347835ff2e759a8522f322d7428d33b9a529ad134930f9d65ccf642f8c84be93dc8cca8aeac40061ec455
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
  Blacklisted process makes network request
  Enumerates connected drives
  Modifies service
  Sets desktop wallpaper using registry