General
Target: 9e366799514a8ce5bccab4fc1af01e1f.bat
Size: 213B
Sample: 200521-vnmzjr4f5s
MD5: 7563bdc5ef2e60e4af282d344dbde9ff
SHA1: 87ec59517e50fe716e21c255f572e11e0b810619
SHA256: a15036f075ca149cc6635c5eb2cb1bab41c2462e3ad0d2b36513aa29099d1424
SHA512: 178d9cca7b3a22c9fa0c5eaa052397bf36c815d64999ed5dc05d4e5922fcd28e7807a3ba8e3811e472838ec7de9746aa5cbd778ae48268e6af92a78f347c3f5f
Static task: static1
Behavioral task: behavioral1
  Sample: 9e366799514a8ce5bccab4fc1af01e1f.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: 9e366799514a8ce5bccab4fc1af01e1f.bat
  Resource: win10v200430
Malware Config
Extracted URL (from the .bat):
  http://185.103.242.78/pastes/9e366799514a8ce5bccab4fc1af01e1f
Extracted ransomware config:
  Family: sodinokibi
  Ransom note: C:\j1x6ccx522-readme.txt
  Decryptor URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/736B31DC4CA46E7E
    http://decryptor.cc/736B31DC4CA46E7E
Targets
Target: 9e366799514a8ce5bccab4fc1af01e1f.bat (213B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry
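As an added example (not code from the sandbox report or from any project), the Python below turns the indicators above into a small triage helper: it recomputes the four digests of a candidate file and compares them with the report, derives the per-victim extension from the ransom note name (REvil names its note <extension>-readme.txt and appends the same extension to the files it encrypts), extracts the victim ID from the two decryptor URLs and checks that they agree, and isolates the host of the extracted URL for blocking. The byte string and directory listing in the usage section are constructed for illustration; the real 213-byte .bat is not reproduced on the page, so the hash comparison there is expected to fail.

```python
"""Triage helper for the Sodinokibi/REvil .bat sample in this report.

Added example, not part of the sandbox report or of any project.
Assumes the REvil convention that the ransom note is named
<extension>-readme.txt and that encrypted files carry that extension.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "7563bdc5ef2e60e4af282d344dbde9ff",
    "sha1": "87ec59517e50fe716e21c255f572e11e0b810619",
    "sha256": "a15036f075ca149cc6635c5eb2cb1bab41c2462e3ad0d2b36513aa29099d1424",
    "sha512": "178d9cca7b3a22c9fa0c5eaa052397bf36c815d64999ed5dc05d4e5922fcd28e"
              "7807a3ba8e3811e472838ec7de9746aa5cbd778ae48268e6af92a78f347c3f5f",
}
EXTRACTED_URL = "http://185.103.242.78/pastes/9e366799514a8ce5bccab4fc1af01e1f"
RANSOM_NOTE = r"C:\j1x6ccx522-readme.txt"
DECRYPTOR_URLS = [
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/736B31DC4CA46E7E",
    "http://decryptor.cc/736B31DC4CA46E7E",
]

# <extension>-readme.txt, matched on the file name only (directory stripped first).
NOTE_RE = re.compile(r"^([a-z0-9]+)-readme\.txt$", re.I)


def digests(data: bytes) -> dict:
    """md5/sha1/sha256/sha512 hex digests of a byte string, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch rejects the file."""
    return digests(data) == REPORT_HASHES


def note_extension(note_path: str) -> str:
    """Per-victim extension taken from the ransom note file name."""
    name = note_path.replace("/", "\\").rsplit("\\", 1)[-1]
    m = NOTE_RE.match(name)
    if not m:
        raise ValueError(f"not a REvil-style note name: {note_path}")
    return m.group(1)


def victim_id(urls) -> str:
    """Last path segment of each decryptor URL; all URLs in the config must agree."""
    ids = {urlparse(u).path.rstrip("/").rsplit("/", 1)[-1] for u in urls}
    if len(ids) != 1:
        raise ValueError(f"decryptor URLs disagree on victim ID: {sorted(ids)}")
    (vid,) = ids
    if not re.fullmatch(r"[0-9A-F]{16}", vid):
        raise ValueError(f"unexpected victim ID format: {vid}")
    return vid


def extracted_host(url: str) -> str:
    """Host of the URL extracted from the script, for a block rule or an alert."""
    return urlparse(url).hostname


def find_encrypted(paths, ext: str):
    """Files carrying the victim extension, matched case-insensitively."""
    suffix = "." + ext.lower()
    return [p for p in paths if p.lower().endswith(suffix)]


if __name__ == "__main__":
    ext = note_extension(RANSOM_NOTE)
    print("victim id:", victim_id(DECRYPTOR_URLS))
    print("extracted host:", extracted_host(EXTRACTED_URL))
    # Constructed listing and bytes, not taken from the sandbox run.
    listing = [
        r"C:\Users\a\Documents\q1.docx.j1x6ccx522",
        r"C:\Users\a\Desktop\j1x6ccx522-readme.txt",
        r"C:\Windows\notepad.exe",
    ]
    print("encrypted:", find_encrypted(listing, ext))
    print("constructed bytes match report:", matches_report(b"@echo off\r\n"))
```

Run it against a suspect file by passing the file's bytes to `matches_report`; the other functions work from the report's config alone. The victim ID check is there because a config whose .onion and clearnet URLs carry different IDs is a sign of a mis-parsed or tampered note, not a valid REvil configuration.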