General
Target: 29ec9038cabce56dc3ae0d2ee20d9ed1.bat
Size: 218B
Sample: 200521-6w4gygh8sn
MD5: b85f82f85e6208e52b6c015cd92e274d
SHA1: 367648ab3b293615c8b98a358c8b0cf5cf69950a
SHA256: 6d611f64b2ac03203102331de336feb8d67ea6e9f258e1b245614e239dd1df80
SHA512: 15ee6c6c54e1ccaaf594adc6cf271634684669c55dfe1a853429f374fe2eb53b92642c373a0836b3e55f98c2b7bc874b0ad5cf650a593811173ae7bd2a567e12
Static task: static1
Behavioral task: behavioral1
Sample: 29ec9038cabce56dc3ae0d2ee20d9ed1.bat
Resource: win7v200430
Behavioral task: behavioral2
Sample: 29ec9038cabce56dc3ae0d2ee20d9ed1.bat
Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/29ec9038cabce56dc3ae0d2ee20d9ed1
Extracted: C:\i449h0d19-readme.txt
Family: sodinokibi
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5220888DF7426CB
URL: http://decryptor.cc/B5220888DF7426CB
Targets
Target: 29ec9038cabce56dc3ae0d2ee20d9ed1.bat
Size: 218B
MD5: b85f82f85e6208e52b6c015cd92e274d
SHA1: 367648ab3b293615c8b98a358c8b0cf5cf69950a
SHA256: 6d611f64b2ac03203102331de336feb8d67ea6e9f258e1b245614e239dd1df80
SHA512: 15ee6c6c54e1ccaaf594adc6cf271634684669c55dfe1a853429f374fe2eb53b92642c373a0836b3e55f98c2b7bc874b0ad5cf650a593811173ae7bd2a567e12
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
Blacklisted process makes network request
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry