General
Target: b84c5ee27ddebb86958f6d6a06c0d157.bat
Size: 215B
Sample: 200605-t66lb27mdn
MD5: 3fb4882cf9ed9ae348a4f6778326213f
SHA1: d0232b07da1053d045511423371421f57c148d1f
SHA256: 16197944f910a1ec6485dcb92730374511c7e560e0b78ba3c6410e5238ba6f0e
SHA512: fabe93e067bf0541b1f03d910f9dd07f4c5408f6922c1d736dec551646a1118deee24df1a8d77c74951d58f0260056600c2ec82b397251940f3869a39e87ed60
Static task: static1
Behavioral task: behavioral1
  Sample: b84c5ee27ddebb86958f6d6a06c0d157.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: b84c5ee27ddebb86958f6d6a06c0d157.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/b84c5ee27ddebb86958f6d6a06c0d157
Extracted: C:\n22qm-readme.txt (sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/604AEF53B402A9A5
  http://decryptor.cc/604AEF53B402A9A5
Targets
Target: b84c5ee27ddebb86958f6d6a06c0d157.bat
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry