General

Target: 7dd11380f39c84448a7000c280f12a78.bat
Size: 219B
Sample: 200602-lfn2kmmhze
MD5: 694736c7cc588c0f7d4fea15b4f4e074
SHA1: 322715308f98b4e097a6e8eb88c84cd75e6dffa3
SHA256: 45b6d83a99693328a71a689d57f8b722e4e74c34b984569bec15e1108852bebc
SHA512: c93891f9542c5b111d290df367ff1019cc46f5b23f32df4b83989ba23a79215906029cbe2568c45f4226e650d3c55e50dcf6a5dd6fb382721e99f6da47bdd3d8
Static task: static1

Behavioral task: behavioral1
Sample: 7dd11380f39c84448a7000c280f12a78.bat
Resource: win7v200430

Behavioral task: behavioral2
Sample: 7dd11380f39c84448a7000c280f12a78.bat
Resource: win10v200430
Malware Config

Extracted: http://185.103.242.78/pastes/7dd11380f39c84448a7000c280f12a78

Extracted: C:\7vaglni2z0-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BD0ED380483BE43E
http://decryptor.cc/BD0ED380483BE43E
Targets

Target: 7dd11380f39c84448a7000c280f12a78.bat
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry