General
Target: 06b926501124d92a036344bf241649d7.bat
Size: 220B
Sample: 200805-9xhk7knfhx
MD5: 1f1b4ef469c59f64bc350fa3049fb232
SHA1: 3415fe4896d99fe99f439347fdb4aa3fc2ce9358
SHA256: b90e099ce246bbb92781c5426491b3def2122660c546f5ab93aca4a0baeb1edd
SHA512: 93cf23a75fd96010e5ce84107ab0a86013775aa6392c1218611b7538c9abf2700a13998325993cc3ae1c95d23a680df37b70cc2b245c04fd5aa14bf185696399
Static task: static1
Behavioral task: behavioral1
  Sample: 06b926501124d92a036344bf241649d7.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 06b926501124d92a036344bf241649d7.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/06b926501124d92a036344bf241649d7
Extracted: C:\dk431663-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/35A04B8DF5A05CE9
  http://decryptor.cc/35A04B8DF5A05CE9
Targets
Target: 06b926501124d92a036344bf241649d7.bat
Size: 220B
MD5: 1f1b4ef469c59f64bc350fa3049fb232
SHA1: 3415fe4896d99fe99f439347fdb4aa3fc2ce9358
SHA256: b90e099ce246bbb92781c5426491b3def2122660c546f5ab93aca4a0baeb1edd
SHA512: 93cf23a75fd96010e5ce84107ab0a86013775aa6392c1218611b7538c9abf2700a13998325993cc3ae1c95d23a680df37b70cc2b245c04fd5aa14bf185696399
Score: 10/10

Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
ServiceHost packer
  Detects ServiceHost packer used for .NET malware.
Blacklisted process makes network request
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Drops startup file
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry