General
Target: b0d58156fab428d26b46727824eabf37.bat
Size: 214B
Sample: 200602-arcdr9x68e
MD5: 80701ef329f0effbde1182ab9f26be31
SHA1: b948c5f5d1d8d2f7bb793db6ed2119d8143b8084
SHA256: bfecfd11f233e3531ec0241d1186c28fd737e3b476a51e4000312296ab8c0c1c
SHA512: f2a24c2587f2621b2a9d571522a4e0126af41f482d2e942579c199acacb98a4783dd03f06635173f59c6e37c2ad55f8778a7c0841e4848dee533ddf232ce5b9d
Static task: static1
Behavioral task: behavioral1
  Sample: b0d58156fab428d26b46727824eabf37.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: b0d58156fab428d26b46727824eabf37.bat
  Resource: win10v200430
Malware Config
Extracted (1): http://185.103.242.78/pastes/b0d58156fab428d26b46727824eabf37
Extracted (2):
  Path: C:\70f6a4-readme.txt
  Family: sodinokibi
  URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5E2B4ACBB61DFC6D
    http://decryptor.cc/5E2B4ACBB61DFC6D
Targets
Target: b0d58156fab428d26b46727824eabf37.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
  Blacklisted process makes network request
  Enumerates connected drives
  Modifies service
  Sets desktop wallpaper using registry