General
- Target: aa924bdd41c78914cf9c258c5b04d440.bat
- Size: 217B
- Sample: 200523-lk7p3hvqw2
- MD5: 73b18c7ea72367714adfa391d407d44b
- SHA1: 936cfb5cb7073a9e298eed93720a1e73b88b50b8
- SHA256: efb6eff4932c6a31030f3eff665d0228d063c0fc37fb274278e9ceb7e55f2fe8
- SHA512: 60a9438888dc461e3c90e4df597bbe9420c700f1df7a62ede10b1e44a595336c948b4ec520a4589bc1f2f542d5c6e1b3388f55fead8501b40d843f3dbe3d3c98
Static task: static1
Behavioral task: behavioral1
- Sample: aa924bdd41c78914cf9c258c5b04d440.bat
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: aa924bdd41c78914cf9c258c5b04d440.bat
- Resource: win10v200430
Malware Config
Extracted
- http://185.103.242.78/pastes/aa924bdd41c78914cf9c258c5b04d440
Extracted
- Path: C:\62mfmn-readme.txt
- Family: sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5B24DC294A8BCFD9
- http://decryptor.cc/5B24DC294A8BCFD9
Targets
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry