General
Target: ef447ab5d2ae0a9d701c838651e09c94.bat
Size: 222B
Sample: 200601-8y6pgd59e6
MD5: c5368e48c478684dfe98d32e80ae5937
SHA1: 306390ba49636df25818c32788ed3fe603394007
SHA256: 80a177482b2efdaad3bf92dd550933e4a859bfc987e2511c301838d687fdfe86
SHA512: 080141c425524360ce79c56e3de9f7196c4527001ed7c763056876ef2c5dd078a9751f7e3a87a0914928327b218428870e07f979d1c26a29390112142df55fbe
Static task: static1
Behavioral task: behavioral1
  Sample: ef447ab5d2ae0a9d701c838651e09c94.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: ef447ab5d2ae0a9d701c838651e09c94.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/ef447ab5d2ae0a9d701c838651e09c94
Extracted: C:\ak80t6qf0w-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/25BA0DA33B40EBC0
  http://decryptor.cc/25BA0DA33B40EBC0
Targets
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry