General

Target: 421a8c43602d912fb7d54f525915eee9.bat
Size: 220 B
Sample: 200602-sg2s6wjdas
MD5: c786b66ecefc50b20289a9d38575b5a2
SHA1: a1851402b42988ea349215149d3ca3b2890eb425
SHA256: bf0760cd225ed3fc4df18cf25a62e6f2f45c50f3e4726d258981e81b68e2bd65
SHA512: 3dc1d42fda27a8b7c9e3c2b32c957f19a619d035ed0609fea3181efac5c037e516b4184659e69fc0821db6fb56f68052f7a23248c05ddac25964357dd6193a77
Static task: static1
Behavioral task: behavioral1 (sample 421a8c43602d912fb7d54f525915eee9.bat, resource win7v200430)
Behavioral task: behavioral2 (sample 421a8c43602d912fb7d54f525915eee9.bat, resource win10v200430)
Malware Config

Extracted URL (the path matches the sample's filename stem): http://185.103.242.78/pastes/421a8c43602d912fb7d54f525915eee9

Extracted ransom note: C:\c82t9od-readme.txt
Family: sodinokibi
URLs from the note:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A8D042B21194D3AC
http://decryptor.cc/A8D042B21194D3AC
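The report's second extraction (ransom note path, family, and two URLs sharing the same path token) is the kind of data an analyst pulls out of a Sodinokibi/REvil note when building IOCs. The following is an added example, not part of the sandbox report and not the sandbox's own extractor: it parses a constructed note body (modelled on the page's note path and URLs; the wording is an assumption, not the note recovered from this run), returns the .onion and clearnet URLs, derives the victim ID from their common path segment, derives the file extension from the `<ext>-readme.txt` note name, and flags the inconsistent case where the two URLs carry different IDs.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input for this example. The path and the two URLs are the
# values the report extracted; the surrounding note text is an assumption.
NOTE_PATH = r"C:\c82t9od-readme.txt"
NOTE_TEXT = """Your files are encrypted, and currently unavailable.
1) [Recommended] Using a TOR browser!
  a) Download and install TOR browser from this site: https://torproject.org/
  b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A8D042B21194D3AC
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
  b) Open our secondary website: http://decryptor.cc/A8D042B21194D3AC
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
HEX_ID_RE = re.compile(r"^[0-9A-F]+$", re.I)
# Note filename pattern seen on the page: "<extension>-readme.txt"
README_RE = re.compile(r"^([0-9a-z]+)-readme\.txt$", re.I)


def parse_note(note_path, note_text):
    """Extract IOCs from a ransom note: URLs, shared victim ID, file extension."""
    onion_urls, clearnet_urls, ids = [], [], set()
    for url in URL_RE.findall(note_text):
        url = url.rstrip(".,;)")          # strip trailing punctuation from prose
        host, _, rest = url.split("://", 1)[1].partition("/")
        victim_id = rest.rsplit("/", 1)[-1]
        if not HEX_ID_RE.match(victim_id):
            continue                      # e.g. the TOR download link has no ID
        ids.add(victim_id.upper())
        (onion_urls if host.endswith(".onion") else clearnet_urls).append(url)

    m = README_RE.match(PureWindowsPath(note_path).name)
    return {
        "note_path": note_path,
        "extension": m.group(1) if m else None,
        # Both URLs must carry the same ID; otherwise treat it as unreliable.
        "victim_id": next(iter(ids)) if len(ids) == 1 else None,
        "onion_urls": onion_urls,
        "clearnet_urls": clearnet_urls,
    }


def looks_like_sodinokibi(iocs):
    """Heuristic only: note named <ext>-readme.txt plus an .onion and a
    clearnet URL sharing one victim ID, as in the report's extraction."""
    return bool(iocs["extension"] and iocs["victim_id"]
                and iocs["onion_urls"] and iocs["clearnet_urls"])


if __name__ == "__main__":
    result = parse_note(NOTE_PATH, NOTE_TEXT)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("sodinokibi-like:", looks_like_sodinokibi(result))
```

The victim ID check matters in practice: a note whose .onion and clearnet links disagree is either a different family, a tampered note, or a parsing error, and should not be fed into a lookup keyed on that ID.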
Targets

Target: 421a8c43602d912fb7d54f525915eee9.bat (220 B; hashes as listed under General)
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service