General
Target: 21b6d26f5616dbe4b9f07bd5660bb62d.bat
Size: 215B
Sample: 200804-mtj74qqgb2
MD5: d0dba6d8db0dbf8637507b05349fd02f
SHA1: e3795cff8728780bd8d72ae5f7e317ee93075e93
SHA256: 085cf732d404c2443d63dd7fef9f872f0c4dc0ef5f0c048bd308a20aff169bd8
SHA512: de33e169bfaf0170acb3053f62d40e115e162671c77555e7c0bae5e12579f7900f1172296279167f120a3821566ee8b111e5e2e366711bf0d5fde9e5e3340b7f
Static task: static1
Behavioral task: behavioral1
  Sample: 21b6d26f5616dbe4b9f07bd5660bb62d.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 21b6d26f5616dbe4b9f07bd5660bb62d.bat
  Resource: win10
Malware Config
Extracted
  http://185.103.242.78/pastes/21b6d26f5616dbe4b9f07bd5660bb62d
Extracted
  C:\207z8wza-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0391F0FEF62C0D9B
  http://decryptor.cc/0391F0FEF62C0D9B
Targets
Target: 21b6d26f5616dbe4b9f07bd5660bb62d.bat
Size: 215B
MD5: d0dba6d8db0dbf8637507b05349fd02f
SHA1: e3795cff8728780bd8d72ae5f7e317ee93075e93
SHA256: 085cf732d404c2443d63dd7fef9f872f0c4dc0ef5f0c048bd308a20aff169bd8
SHA512: de33e169bfaf0170acb3053f62d40e115e162671c77555e7c0bae5e12579f7900f1172296279167f120a3821566ee8b111e5e2e366711bf0d5fde9e5e3340b7f
Score: 10/10
Sodin,Sodinokibi,REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
ServiceHost packer: Detects ServiceHost packer used for .NET malware
Blacklisted process makes network request
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry