General
- Target: 4626b3b73d1f129fc3e84a480d61b9c0.bat
- Size: 215B
- Sample: 200809-4kzqapqkmj
- MD5: 88f60ecdde5708db8e386e5ec0e8ab5d
- SHA1: b335c8ebd89c3841b9c94dce59d869129e6a6a05
- SHA256: 44e348d60642000f9a2174c80ad87d7c89623bd4ee88c1953fe800508d49ed72
- SHA512: f4cd16976ae7aab93f031d29326dce33756b86ca25b7cb898ab05de69d679566dea3cec3f535e4f88198b6472df998d82839b6b48d73b4ba58fe2a255d623525
Static task: static1

Behavioral task: behavioral1
- Sample: 4626b3b73d1f129fc3e84a480d61b9c0.bat
- Resource: win7

Behavioral task: behavioral2
- Sample: 4626b3b73d1f129fc3e84a480d61b9c0.bat
- Resource: win10v200722
Malware Config

Extracted
- URL: http://185.103.242.78/pastes/4626b3b73d1f129fc3e84a480d61b9c0

Extracted
- Path: C:\efc80-readme.txt
- Family: sodinokibi
- URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D2DFBB256CFF65E6
- URL: http://decryptor.cc/D2DFBB256CFF65E6

Extracted
- Path: C:\h7tm03t82g-readme.txt
- Family: sodinokibi
- URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5E9901D8AE11A76E
- URL: http://decryptor.cc/5E9901D8AE11A76E
Targets
- Target: 4626b3b73d1f129fc3e84a480d61b9c0.bat
- Score: 10/10
- Family: Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry