General
Target: ab5cb2e23e6cb4c513ac6a13703f86bf.bat
Size: 214B
Sample: 200602-fc9h4x3hvx
MD5: ea3a91c4eabb53ea1c81584514484a54
SHA1: 4ffb8f1584f99e6d9902953d956127871c4e21eb
SHA256: 923b7329858020e85b39023f735fe9cffc528a5dd16e66de4de494c11050d475
SHA512: 38d8ad718a57fa0db8ae41c578aea725c940af2eed5e975498f9642699c2f40ab9515ad1eb0a380109c30c53bbb9701bea646a8656dd0070a74e50a5366d646b
Static task: static1
Behavioral task: behavioral1
  Sample: ab5cb2e23e6cb4c513ac6a13703f86bf.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: ab5cb2e23e6cb4c513ac6a13703f86bf.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/ab5cb2e23e6cb4c513ac6a13703f86bf
Extracted: C:\w5nw631jn0-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2DC78CB438E8005A
http://decryptor.cc/2DC78CB438E8005A
Targets
Target: ab5cb2e23e6cb4c513ac6a13703f86bf.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry