General
Target: c9af7ca3680a5a25e788062683cc93b4.bat
Size: 219B
Sample: 200721-hy747xv9d6
MD5: dc0a4c0f80db22d5242cb4addeaa91f8
SHA1: ac411eca6ffc942efad96a63d86307d77c9f0c2f
SHA256: 7de87ff14574bfdf6858a7cf58f8dad6ba484c372a9d5f4b4e3b6a4824d1a40a
SHA512: ab01868327fdc22ac891fe45261dfa8f737060c5c797fd42296bb71b546f82d84bba3114be6c37b35dd17621dd0f953ecd53191c9664864e9aae983493117e5c
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: c9af7ca3680a5a25e788062683cc93b4.bat, resource: win7v200430)
Behavioral task: behavioral2 (sample: c9af7ca3680a5a25e788062683cc93b4.bat, resource: win10)
Malware Config
Extracted (download URL): http://185.103.242.78/pastes/c9af7ca3680a5a25e788062683cc93b4
Extracted (ransom note): C:\y5h61s8orj-readme.txt
Family: sodinokibi
Payment URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D2D55285718AB8B9
Payment URL: http://decryptor.cc/D2D55285718AB8B9
Targets
Target: c9af7ca3680a5a25e788062683cc93b4.bat (219B; hashes as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry