General
Target: 9de315693c64bdae451a94b7fba94cd7.bat
Size: 216B
Sample: 200731-vdgrml8qh2
MD5: 326e8645188851fa741312cfd98964c4
SHA1: fc88590aa93e65b6d4604f18df31aeb7c78cffd4
SHA256: 5f5d0072bf19dad6f7d88f7b7487e08d4a689d9b26d5cf265d54d049a1ae9788
SHA512: e3a8666cf03291ceeaae820553a8b10a474ec611503e7e89f21a4ecfdfb3233fa4c9908b6eb07bf0ecddd9e6785d5e2d74545faa5747a4ddda877484fa872e1f
Static task: static1
Behavioral task: behavioral1
  Sample: 9de315693c64bdae451a94b7fba94cd7.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 9de315693c64bdae451a94b7fba94cd7.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/9de315693c64bdae451a94b7fba94cd7
Extracted: C:\sgyx0-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C0D605733D083811
  http://decryptor.cc/C0D605733D083811
Targets
Target: 9de315693c64bdae451a94b7fba94cd7.bat
Size: 216B
Score: 10/10
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
ServiceHost packer: Detects ServiceHost packer used for .NET malware.
Blacklisted process makes network request
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry