General
Target: 57b8d7c9360eb6128db3304dcfb1f349.bat
Size: 216B
Sample: 200525-avp33r1gan
MD5: 289f5081ad9d2578da55acb1a22535d0
SHA1: f326802298635d66b7d8bc9c84ee9f9e2dd6b870
SHA256: 704944436e9ff0dff889481902b320ce73c1479d15bfddadeba11eccc9de1f4c
SHA512: 5eb166eade908fbbb9d6baacd2cda114d06620644b8082f6f2c2cd5918b2f4d1b18fae626cf6a609014f376c431972a846a22db36dfbb341b5aa025e1fa37e4d
Static task
static1
Behavioral tasks
behavioral1: 57b8d7c9360eb6128db3304dcfb1f349.bat, resource win7v200430
behavioral2: 57b8d7c9360eb6128db3304dcfb1f349.bat, resource win10v200430
Malware Config
Extracted URL: http://185.103.242.78/pastes/57b8d7c9360eb6128db3304dcfb1f349
Extracted ransom note: C:\qq5z97o6-readme.txt
Family: sodinokibi
URLs from the ransom note:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E9A5298CB4C3D401
http://decryptor.cc/E9A5298CB4C3D401
Targets
Target: 57b8d7c9360eb6128db3304dcfb1f349.bat
Size: 216B
MD5: 289f5081ad9d2578da55acb1a22535d0
SHA1: f326802298635d66b7d8bc9c84ee9f9e2dd6b870
SHA256: 704944436e9ff0dff889481902b320ce73c1479d15bfddadeba11eccc9de1f4c
SHA512: 5eb166eade908fbbb9d6baacd2cda114d06620644b8082f6f2c2cd5918b2f4d1b18fae626cf6a609014f376c431972a846a22db36dfbb341b5aa025e1fa37e4d
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry
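The indicators in this report (the four file hashes, the extracted stage URL, the ransom-note path and the two note URLs) can be swept across an estate offline. The script below is an added example and is not part of the sandbox output or of any vendor tooling. It copies the hashes and URLs verbatim from the report; the note-name pattern generalises the single observed name `qq5z97o6-readme.txt` to eight lowercase alphanumerics plus `-readme.txt`, which is an assumption of this example, and the proxy log lines and directory listing it runs against are constructed test data, not real telemetry.

```python
"""IOC sweep for the indicators in this report.

Added example, not part of the sandbox output. Hashes, the stage URL, the
ransom-note name and the note URLs are copied from the report; the note-name
pattern is an assumption generalised from the one observed name, and the
proxy log lines and directory listing below are constructed for illustration.
"""
import hashlib
import re
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Tuple

# File hashes of the analysed .bat, as listed in the report.
SAMPLE_HASHES = {
    "md5": "289f5081ad9d2578da55acb1a22535d0",
    "sha1": "f326802298635d66b7d8bc9c84ee9f9e2dd6b870",
    "sha256": "704944436e9ff0dff889481902b320ce73c1479d15bfddadeba11eccc9de1f4c",
    "sha512": "5eb166eade908fbbb9d6baacd2cda114d06620644b8082f6f2c2cd5918b2f4d1"
              "b18fae626cf6a609014f376c431972a846a22db36dfbb341b5aa025e1fa37e4d",
}

# Network indicators from the extracted config (lowercase, matched as substrings).
NETWORK_IOCS = (
    "185.103.242.78",  # host of the URL the sandbox extracted from the .bat
    "aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion",
    "decryptor.cc",
)
VICTIM_ID = "e9a5298cb4c3d401"  # path component shared by both ransom-note URLs

# Observed note: C:\qq5z97o6-readme.txt. Generalising to
# "<8 lowercase alphanumerics>-readme.txt" is an assumption of this example.
NOTE_NAME_RE = re.compile(r"^[a-z0-9]{8}-readme\.txt$")


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Compare a file's bytes against every hash the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in SAMPLE_HASHES.items()}


def network_hits(log_lines: Iterable[str]) -> List[Tuple[int, str]]:
    """(line number, indicator) for each log line that mentions a network IOC.

    Plain substring match on the lowercased line. The victim ID is checked
    separately so a hit is still reported if only the URL path survived.
    """
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(log_lines, start=1):
        low = line.lower()
        hits.extend((n, ioc) for ioc in NETWORK_IOCS if ioc in low)
        if VICTIM_ID in low:
            hits.append((n, VICTIM_ID))
    return hits


def note_hits(paths: Iterable[str]) -> List[str]:
    """Paths whose file name matches the ransom-note naming pattern."""
    return [p for p in paths
            if NOTE_NAME_RE.match(PureWindowsPath(p).name.lower())]


# Constructed proxy log lines (not from the report) to exercise network_hits.
SAMPLE_PROXY_LOG = [
    "2020-05-25T10:01:02Z ws01 GET http://185.103.242.78/pastes/57b8d7c9360eb6128db3304dcfb1f349 200",
    "2020-05-25T10:01:05Z ws01 GET http://updates.example.com/catalog 200",
    "2020-05-25T10:07:41Z ws01 CONNECT decryptor.cc:443 -",
]

# Constructed directory listing (not from the report) to exercise note_hits.
SAMPLE_LISTING = [
    r"C:\qq5z97o6-readme.txt",
    r"C:\Users\alice\Documents\readme.txt",
    r"D:\shares\ab12cd34-readme.txt",
]


def sweep(sample_bytes: bytes, log_lines: Iterable[str], paths: Iterable[str]) -> dict:
    """Run all three checks and return their results together."""
    return {
        "hashes": hash_matches(sample_bytes),
        "network": network_hits(log_lines),
        "notes": note_hits(paths),
    }


if __name__ == "__main__":
    # b"echo constructed" stands in for a file under review; it is not the sample.
    for name, result in sweep(b"echo constructed", SAMPLE_PROXY_LOG, SAMPLE_LISTING).items():
        print(name, result)
```

Feed real inputs by replacing the constructed lists with your proxy export and a file-system walk; the hash check is exact, while the IP and hostname checks are substring matches and should be confirmed against the full URL before acting on a hit.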