General
-
Target
b4c987a88b89ef8fa5c5aeba0b67be50.bat
-
Size
213B
-
Sample
200602-4gyy3pjyas
-
MD5
4eb17a9cecc3bdbd9c5f740e178603f1
-
SHA1
2789a656216c376ff49aad51a0371dd670332170
-
SHA256
ce07460453840eb7611281737273b06d33142f8a78b30717f3a197de5471d2a7
-
SHA512
1c771152007dacdd546e9f365dfc5221ba89223e5ecf63d2f14865bd71d7df5030331d3d794db13db7e4fd26f9825a2b02ceba7972b92c9da9f2d920ede55023
Static task
static1
Behavioral task
behavioral1
Sample
b4c987a88b89ef8fa5c5aeba0b67be50.bat
Resource
win7v200430
Behavioral task
behavioral2
Sample
b4c987a88b89ef8fa5c5aeba0b67be50.bat
Resource
win10v200430
Malware Config
Extracted
http://185.103.242.78/pastes/b4c987a88b89ef8fa5c5aeba0b67be50
Extracted
C:\lu34t0c25-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D9F8304DE20EF488
http://decryptor.cc/D9F8304DE20EF488
Targets
-
-
Target
b4c987a88b89ef8fa5c5aeba0b67be50.bat
-
Size
213B
-
MD5
4eb17a9cecc3bdbd9c5f740e178603f1
-
SHA1
2789a656216c376ff49aad51a0371dd670332170
-
SHA256
ce07460453840eb7611281737273b06d33142f8a78b30717f3a197de5471d2a7
-
SHA512
1c771152007dacdd546e9f365dfc5221ba89223e5ecf63d2f14865bd71d7df5030331d3d794db13db7e4fd26f9825a2b02ceba7972b92c9da9f2d920ede55023
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Enumerates connected drives
-
Modifies service
-
Sets desktop wallpaper using registry
-