General
Target: 834fe3c10a5c6788c12a8dfd6b3a22bc.bat
Size: 219B
Sample: 200608-mmx3dcz9gj
MD5: 9aeae02203b8a1236ef5aa06a8df49df
SHA1: f33e529e1dd812bd81e80fcc6b08c5d019184c74
SHA256: 4792e10c28499b9868f31d6a7dd670cf12a22f14d11a7b0bb8c781289743eed7
SHA512: fdfe723f2cbf8c3f3b1a8b4211955bc60bf24f98ac81a719821e52ed5883cbdbf8b872107b5b4ae1ae5f3a6477f201f59c9452641624f4f06a61358b8013dc6e
Static task: static1
Behavioral task: behavioral1
  Sample: 834fe3c10a5c6788c12a8dfd6b3a22bc.bat
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: 834fe3c10a5c6788c12a8dfd6b3a22bc.bat
  Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/834fe3c10a5c6788c12a8dfd6b3a22bc
Extracted: C:\385fl2i-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D80EBFA21144DC89
  http://decryptor.cc/D80EBFA21144DC89
Targets
Target: 834fe3c10a5c6788c12a8dfd6b3a22bc.bat
Size: 219B
MD5: 9aeae02203b8a1236ef5aa06a8df49df
SHA1: f33e529e1dd812bd81e80fcc6b08c5d019184c74
SHA256: 4792e10c28499b9868f31d6a7dd670cf12a22f14d11a7b0bb8c781289743eed7
SHA512: fdfe723f2cbf8c3f3b1a8b4211955bc60bf24f98ac81a719821e52ed5883cbdbf8b872107b5b4ae1ae5f3a6477f201f59c9452641624f4f06a61358b8013dc6e
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry