General
Target: 837314d5a05e52f9e0f09a5a473497d3.bat
Size: 219B
Sample: 200603-5q2v6q79w2
MD5: e87a8c6ada089d0fc3473fb4ba1558c2
SHA1: dd36ca2fa4407f895a6261a1cfee402482ed0bc9
SHA256: 26044d6010566eb7dd69bf7aa8595f0aa4b739d18418526591bd1bf544f91b4a
SHA512: 254f838fba727d5a1fc5a71a60182b9b940e0fcb93a0797e335ee99e46d4a8ea2d7a613f7ee72a567146a7d13ff2bc20f8187eb199bd336969eedfed6403ed4c
Static task: static1
Behavioral task: behavioral1 (Sample: 837314d5a05e52f9e0f09a5a473497d3.bat, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: 837314d5a05e52f9e0f09a5a473497d3.bat, Resource: win10v200430)
Malware Config
Extracted: http://185.103.242.78/pastes/837314d5a05e52f9e0f09a5a473497d3
Extracted: C:\88a3w9hls4-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/99CC83E05C635FBD
http://decryptor.cc/99CC83E05C635FBD
Targets
Target: 837314d5a05e52f9e0f09a5a473497d3.bat
Size: 219B
MD5: e87a8c6ada089d0fc3473fb4ba1558c2
SHA1: dd36ca2fa4407f895a6261a1cfee402482ed0bc9
SHA256: 26044d6010566eb7dd69bf7aa8595f0aa4b739d18418526591bd1bf544f91b4a
SHA512: 254f838fba727d5a1fc5a71a60182b9b940e0fcb93a0797e335ee99e46d4a8ea2d7a613f7ee72a567146a7d13ff2bc20f8187eb199bd336969eedfed6403ed4c
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry