General
Target: 0a68667f99524ab8520068fdbbed1678.bat
Size: 221B
Sample: 200807-qcd6a4y77e
MD5: cefe88b45a372f35cb4fffccfe53cbe0
SHA1: b3674eae09ae4b809ee9996ace3983b9a19a67b8
SHA256: 2205a70334b25bffd2fd640431ead8e205972aec23afb40445acc07551125122
SHA512: e52d33a82535394ef297031ff5c51169c0859959c6b043f8f6ff33eb93cf5e0750f07060e8d36f3a47248ce9770a632313cc15544c3c2343c78d08701fcb23f0
Static task: static1
Behavioral task: behavioral1
  Sample: 0a68667f99524ab8520068fdbbed1678.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 0a68667f99524ab8520068fdbbed1678.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/0a68667f99524ab8520068fdbbed1678
Extracted from C:\lu3p18it-readme.txt (sodinokibi):
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/178BCB8E629819B6
  http://decryptor.cc/178BCB8E629819B6
Extracted from C:\056414l3-readme.txt (sodinokibi):
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A328ECD981E1AB4C
  http://decryptor.cc/A328ECD981E1AB4C
Targets
Target: 0a68667f99524ab8520068fdbbed1678.bat (221B; MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry