General
Target: 30c96bd5d55b4ede2ca100b6224868a5.bat
Size: 213B
Sample: 200608-zcaqj1tn92
MD5: 5ae8dd965aa55e41ed206290cfbb9a9c
SHA1: 6d948a52ac79ff84600ee780122920ddd586ca62
SHA256: 2f7e36eabad58aa80b8ad798095771fcbd5670e8d4684ae942666ce2a086bb24
SHA512: 0dde15a4d13e9cbb065df025ede606e37de6f6be2fa55495891694f564a4b776884fa1eaa2b7d44cbdac9d79cb24d1d5f16ffc8d347fc3626de2959515420629
Static task: static1
Behavioral task: behavioral1
Sample: 30c96bd5d55b4ede2ca100b6224868a5.bat
Resource: win7v200430
Behavioral task: behavioral2
Sample: 30c96bd5d55b4ede2ca100b6224868a5.bat
Resource: win10v200430
Malware Config
Extracted: http://185.103.242.78/pastes/30c96bd5d55b4ede2ca100b6224868a5
Extracted: C:\3b8h58-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D04A4DF1C363A8E8
http://decryptor.cc/D04A4DF1C363A8E8
Targets
Target: 30c96bd5d55b4ede2ca100b6224868a5.bat
Size: 213B
MD5: 5ae8dd965aa55e41ed206290cfbb9a9c
SHA1: 6d948a52ac79ff84600ee780122920ddd586ca62
SHA256: 2f7e36eabad58aa80b8ad798095771fcbd5670e8d4684ae942666ce2a086bb24
SHA512: 0dde15a4d13e9cbb065df025ede606e37de6f6be2fa55495891694f564a4b776884fa1eaa2b7d44cbdac9d79cb24d1d5f16ffc8d347fc3626de2959515420629
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry