General
Target: 0c8fe037f03d1ce50314d43d98fbb194.bat
Size: 219B
Sample: 200607-8a4mvs4s7x
MD5: 7ade68e5f45f65e5f0d80987ec07fe12
SHA1: ad4667dfd46bd31108df3355378d115891af37b4
SHA256: bb6e5707ed0e890b78840f7baf4ddc06662c752d1db3c0b7f510db84c544a44f
SHA512: 24c287f1306c94c85824f19d7285525afc0dad378975bbf1b92fd4b6217cfb3f33f0c2f98634cc8b2d9a65af5fbd8ad3cc1ddfcec1af86a97bfdf3d84f6f0a7a
Static task: static1
Behavioral task: behavioral1
Sample: 0c8fe037f03d1ce50314d43d98fbb194.bat
Resource: win7v200430
Behavioral task: behavioral2
Sample: 0c8fe037f03d1ce50314d43d98fbb194.bat
Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/0c8fe037f03d1ce50314d43d98fbb194
Extracted: C:\a718494f64-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E93CD2D66E9B0E2E
http://decryptor.cc/E93CD2D66E9B0E2E
Targets
Target: 0c8fe037f03d1ce50314d43d98fbb194.bat
Size: 219B
MD5: 7ade68e5f45f65e5f0d80987ec07fe12
SHA1: ad4667dfd46bd31108df3355378d115891af37b4
SHA256: bb6e5707ed0e890b78840f7baf4ddc06662c752d1db3c0b7f510db84c544a44f
SHA512: 24c287f1306c94c85824f19d7285525afc0dad378975bbf1b92fd4b6217cfb3f33f0c2f98634cc8b2d9a65af5fbd8ad3cc1ddfcec1af86a97bfdf3d84f6f0a7a
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
Blacklisted process makes network request
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry