General
Target: bef69b68e4cea8e3eefee8da26543509.bat
Size: 220B
Sample: 200604-e3qrha7v22
MD5: f506edf0fe02fe851c4ad75db6112399
SHA1: 583ba0b7f8553e3ea3adf90de4f1750e8d989390
SHA256: f6d98f99d70c4be05421f3c7fddc98c074854a0e6a38659100f275804a5c187e
SHA512: db82f1056a21ebf451fb3bc400daf9efd94c43110f256c74653bc68f7c113a4d93e1c633c084a687cb42d391875c026fa643c221ccb1126ead3bf2d7cfaa3619
Static task: static1
Behavioral task: behavioral1
  Sample: bef69b68e4cea8e3eefee8da26543509.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: bef69b68e4cea8e3eefee8da26543509.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/bef69b68e4cea8e3eefee8da26543509
Extracted: C:\z51x2b3522-readme.txt
Family: sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3187F5FE3E32B1A5
- http://decryptor.cc/3187F5FE3E32B1A5
Targets
Target: bef69b68e4cea8e3eefee8da26543509.bat (220B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry