General
Target: 4c3f9a85e15b5e5ced247c4db5cc1ac8.bat
Size: 214B
Sample: 200804-xq9kyvz44e
MD5: ab7436a5589cc4e14a3a586cb7986ccf
SHA1: 18affc52165f28fa734ce7db7bb3e87fbc6b8109
SHA256: 01af7238910c3f7b6b1020bb52d96c54e6bb497f8b4a1531c0a7728cdd9842a4
SHA512: bd7793576dda6727343c8bcf7371336c8a9a46a9627a7eab7dafb2cc606c232f5c42c0be3f69832bb8178ec279840f5071ceb90705d8609b66495a7b3e1ca8b4
Static task: static1
Behavioral task: behavioral1
  Sample: 4c3f9a85e15b5e5ced247c4db5cc1ac8.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 4c3f9a85e15b5e5ced247c4db5cc1ac8.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/4c3f9a85e15b5e5ced247c4db5cc1ac8
Extracted: C:\31s9h3bt-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CD5737086E0A982D
  http://decryptor.cc/CD5737086E0A982D
Targets
Target: 4c3f9a85e15b5e5ced247c4db5cc1ac8.bat
Size: 214B
MD5: ab7436a5589cc4e14a3a586cb7986ccf
SHA1: 18affc52165f28fa734ce7db7bb3e87fbc6b8109
SHA256: 01af7238910c3f7b6b1020bb52d96c54e6bb497f8b4a1531c0a7728cdd9842a4
SHA512: bd7793576dda6727343c8bcf7371336c8a9a46a9627a7eab7dafb2cc606c232f5c42c0be3f69832bb8178ec279840f5071ceb90705d8609b66495a7b3e1ca8b4
Score: 10/10
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
ServiceHost packer: Detects ServiceHost packer used for .NET malware.
Blacklisted process makes network request
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry