General
Target: 25cf7ba78d389fb326f0e98895989410.bat
Size: 216B
Sample: 200809-nec48wzbgj
MD5: ca96a50f1dbb7a4a0bbd3889984eae09
SHA1: fae38c86303f6ac8771260e09be944dc5b07c90e
SHA256: 45d08574bc59eed48570614a1f267ba73ba94011c6fd8dfe3591c01580533b70
SHA512: dfcce14a5f3e8d81a55f38862c78395146a64201184a2a1bed5db0128559ade834e3343c4526808894bbac71954884e18ba00c7d2b0c2bc49f96a68208227550
Static task: static1
Behavioral task: behavioral1
Sample: 25cf7ba78d389fb326f0e98895989410.bat
Resource: win7
Behavioral task: behavioral2
Sample: 25cf7ba78d389fb326f0e98895989410.bat
Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/25cf7ba78d389fb326f0e98895989410
Extracted: C:\optofz3-readme.txt
Family: sodinokibi
URLs: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3A1D3A401EC07D7A, http://decryptor.cc/3A1D3A401EC07D7A
Extracted: C:\176e8u2-readme.txt
Family: sodinokibi
URLs: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A5D78B1958D2D4CD, http://decryptor.cc/A5D78B1958D2D4CD
Targets
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry