General
Target: 0cc92ed976f20bbf302be1a39d209cfb.bat
Size: 215B
Sample: 200809-6zprs1z6sj
MD5: 5a017babe92c5caf427346c46b48b015
SHA1: 2958eaeeb470d273b70d1528c0e78b33de585b8c
SHA256: 02a0406ce3e4a1076e67011128e0f0ea53e4c1ab7826a25e0215c8418960563e
SHA512: 8406dd4b30b5f549321ee69c640c3ddb93cdf3213075ddd8f283698129b39a1ae09e08cceea0a508aaa2a600b96f7e491331edd63e8f2309563bebc386ef6ece
Static task: static1
Behavioral task: behavioral1
  Sample: 0cc92ed976f20bbf302be1a39d209cfb.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 0cc92ed976f20bbf302be1a39d209cfb.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/0cc92ed976f20bbf302be1a39d209cfb
Extracted: C:\qumn6-readme.txt
  Family: sodinokibi
  URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FD8962F599EA2046
    http://decryptor.cc/FD8962F599EA2046
Extracted: C:\jl77p-readme.txt
  Family: sodinokibi
  URLs:
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/183B54E3404D5CCD
    http://decryptor.cc/183B54E3404D5CCD
Targets
Target: 0cc92ed976f20bbf302be1a39d209cfb.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry