General
Target: 2b4587aed40db6e44cbff092b52b841e.bat
Size: 218B
Sample: 200804-etrwz5wjc2
MD5: c69dabb8c2f1ca155fb5fe3b0482d0a7
SHA1: b3faaf0bd82fe27b076ec814b2123cf962ead51b
SHA256: 99824d3ef35b84b0fc40214867e3c54e5518491efa1c5c9d796b1acb2cbe81d7
SHA512: c5fc762e4d76e921bd55faa68fff86efe13f0b49b7cbeaaf2d4050cbb8e65f400399d84acf4056e36c8f560a8e9a7fd5b9c711fcb0ef23f65f14ea0724eef174
Static task: static1
Behavioral task: behavioral1 (sample 2b4587aed40db6e44cbff092b52b841e.bat, resource win7)
Behavioral task: behavioral2 (sample 2b4587aed40db6e44cbff092b52b841e.bat, resource win10)
Malware Config
Extracted URL: http://185.103.242.78/pastes/2b4587aed40db6e44cbff092b52b841e
Extracted ransom note: C:\73843qq-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/18FA4617919C31AE
http://decryptor.cc/18FA4617919C31AE
Targets
Target: 2b4587aed40db6e44cbff092b52b841e.bat
Size: 218B
Score: 10/10
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
ServiceHost packer: Detects ServiceHost packer used for .NET malware.
Blacklisted process makes network request
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry
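An added example, not sandbox output and not the sample's own code: a Python IOC check built from the hashes and the Malware Config listed above. It compares a file's digests with the reported values and scans free text (a strings dump, a proxy log, EDR events) for the extracted URLs, the ransom note name and the 16-hex-digit ID that both decryptor URLs carry. Two assumptions are not stated on the page: that the note name follows the "<extension>-readme.txt" shape of the listed path (so other infections drop a note with a different prefix), and the sample log lines, which are constructed here.

```python
"""IOC check derived from the report: hash comparison plus a text scan for
the extracted URLs and ransom note. Added example, not the sample's code."""
import hashlib
import re

# Hashes and extracted configuration exactly as listed in the report.
REPORT_HASHES = {
    "md5": "c69dabb8c2f1ca155fb5fe3b0482d0a7",
    "sha1": "b3faaf0bd82fe27b076ec814b2123cf962ead51b",
    "sha256": "99824d3ef35b84b0fc40214867e3c54e5518491efa1c5c9d796b1acb2cbe81d7",
    "sha512": "c5fc762e4d76e921bd55faa68fff86efe13f0b49b7cbeaaf2d4050cbb8e65f40"
              "0399d84acf4056e36c8f560a8e9a7fd5b9c711fcb0ef23f65f14ea0724eef174",
}
EXTRACTED_URLS = (
    "http://185.103.242.78/pastes/2b4587aed40db6e44cbff092b52b841e",
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/18FA4617919C31AE",
    "http://decryptor.cc/18FA4617919C31AE",
)
RANSOM_NOTE = r"C:\73843qq-readme.txt"

# Assumption (not stated on the page): the note is named "<extension>-readme.txt",
# so the same family on another host drops a note with a different prefix.
NOTE_RE = re.compile(r"(?i)\b[a-z0-9]{5,10}-readme\.txt\b")
# Both decryptor URLs end in the same 16-hex-digit path component; pull it out.
ID_RE = re.compile(r"(?:\.onion|decryptor\.cc)/([0-9A-F]{16})\b")


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 16):
    """Hash a file on disk in chunks so large samples do not need to fit in memory."""
    hashes = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_report(digests):
    """Per-algorithm comparison against the reported hashes (case-insensitive)."""
    return {name: digests.get(name, "").lower() == value
            for name, value in REPORT_HASHES.items()}


def scan_text(text):
    """Find the report's URLs, any ransom note name and the decryptor-URL ID in text."""
    return {
        "urls": [u for u in EXTRACTED_URLS if u in text],
        "ransom_notes": sorted({m.lower() for m in NOTE_RE.findall(text)}),
        "ids": sorted(set(ID_RE.findall(text))),
    }


# Constructed sample lines (not from the sandbox run): a proxy log entry,
# a file-creation event and one line from a strings dump.
SAMPLE_LOG = r"""
2020-08-04 12:00:01 GET http://185.103.242.78/pastes/2b4587aed40db6e44cbff092b52b841e 200
2020-08-04 12:00:09 FileCreate C:\73843qq-readme.txt
2020-08-04 12:00:10 string http://decryptor.cc/18FA4617919C31AE
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Pass a path to compare an on-disk file against the reported hashes.
        print(matches_report(hash_file(sys.argv[1])))
    print(scan_text(SAMPLE_LOG))
```

Run it with a file path to get a per-algorithm match table for that file; with no argument it only scans the constructed log lines, which hit the paste URL, the ransom note name and the decryptor.cc URL (and therefore the shared ID). The note regex deliberately matches any prefix so a rename of the extension on another victim still flags, at the cost of occasional false positives on unrelated "*-readme.txt" files that should be reviewed by hand.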