General
- Target: bd978ef89b238bfae52044568aa42c75.bat
- Size: 216B
- Sample: 200602-3l8t6t584s
- MD5: f0df01a4173ce448321aea96ca779d4e
- SHA1: ad432c315a539443f75f5c2456748c6e8b5d5c4f
- SHA256: 0152af15e9235a11368c7777e3d71e92c99fadbe9392a54acfab853445a9c50d
- SHA512: 08f9b9f0067ace92197239000cc1bed35239c6cfad5d60e2e388189b38affebd639a6e2c52e120e2cf8ba58c8e00b2035ff9536d00a41d844d8df68556504055
Static task: static1
Behavioral task: behavioral1 (Sample: bd978ef89b238bfae52044568aa42c75.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: bd978ef89b238bfae52044568aa42c75.bat, Resource: win10v200430)
Malware Config
- Extracted: http://185.103.242.78/pastes/bd978ef89b238bfae52044568aa42c75
- Extracted: C:\i6u41-readme.txt (sodinokibi)
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/691FDFA67D07FCE4
  - http://decryptor.cc/691FDFA67D07FCE4
Targets
- Target: bd978ef89b238bfae52044568aa42c75.bat (size and hashes as listed under General above)
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry