General
Target: 328013aa2b767f95491e4d8e9372cc46.bat
Size: 219B
Sample: 200521-qhrw4l9s42
MD5: 8da3de41f693d26688864e6e24e5c4f0
SHA1: 229f10d9481ea1c89a085e76365149ca34ca4614
SHA256: de741f43e0b638ccbfadfc41f6e82f8fd2c5b39d4f9f38469affb4d4960487b5
SHA512: 70d2cb7f7cb47c2b9111d548b4f405ea7b5e95ced055d64e25190200487e174f36f2fe86aaa86c4778c2f6f3c8d10e05ba6a55b808437b2d180a4cee67240386
Static task: static1
Behavioral task: behavioral1
  Sample: 328013aa2b767f95491e4d8e9372cc46.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: 328013aa2b767f95491e4d8e9372cc46.bat
  Resource: win10v200430
Malware Config
Extracted
http://185.103.242.78/pastes/328013aa2b767f95491e4d8e9372cc46
Extracted
C:\ow20ox3utq-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F8CAEF7359F44750
http://decryptor.cc/F8CAEF7359F44750
Targets
Target: 328013aa2b767f95491e4d8e9372cc46.bat
Size: 219B
Score: 10/10
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry