General
Target: 5356d4234ccf138172e7820bde48cb1d.bat
Size: 219B
Sample: 200807-ycv3g7fxxn
MD5: 7ead0a1f8df272b28f265e05b4f23088
SHA1: 07c838862750645da66de62f19d4ac32d852da99
SHA256: e4133ab28a0c8965753d56a55beff0bdf47d6bb7d711d708f36f7fe985085a21
SHA512: b9f721731cfdb058f37dbfc3e42eb519485916eba77b8f1cc3b8f0a1bd7facded50dcf3a2bb6ed87b749f7f01199962061a3005d179184fafdeeef6dfcb3c1b9
Static task: static1
Behavioral task: behavioral1
  Sample: 5356d4234ccf138172e7820bde48cb1d.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 5356d4234ccf138172e7820bde48cb1d.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/5356d4234ccf138172e7820bde48cb1d
Extracted: C:\gst2it-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A632771ABD9B4A1B
  http://decryptor.cc/A632771ABD9B4A1B
Extracted: C:\zjdvlwo1-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/326EA3E7D1077C8E
  http://decryptor.cc/326EA3E7D1077C8E
Targets
Target: 5356d4234ccf138172e7820bde48cb1d.bat
Size: 219B
MD5: 7ead0a1f8df272b28f265e05b4f23088
SHA1: 07c838862750645da66de62f19d4ac32d852da99
SHA256: e4133ab28a0c8965753d56a55beff0bdf47d6bb7d711d708f36f7fe985085a21
SHA512: b9f721731cfdb058f37dbfc3e42eb519485916eba77b8f1cc3b8f0a1bd7facded50dcf3a2bb6ed87b749f7f01199962061a3005d179184fafdeeef6dfcb3c1b9
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry