General
Target: bd67c60ce76f0f3b40b1b84b16b2ab8d.bat
Size: 215B
Sample: 200809-rbjwygwxla
MD5: 978c1461e8ec6775c873642c5b834b74
SHA1: 1b1497826b127c246f8dabf76e1b70282de5dd4d
SHA256: 735dd69f2f238ab5aadf794e088d67c71cff9321f753fc47c1c8de4f914567ed
SHA512: 882e9baf4c3404dc69e1a866f9f707cd259be9fff097f69f7aa513a9e0d5e6c9b910f96eebb96d0c8b52607e02cca9f8df3768a85c3b85debdefcbe57cefcd96
Static task: static1
Behavioral task: behavioral1
  Sample: bd67c60ce76f0f3b40b1b84b16b2ab8d.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: bd67c60ce76f0f3b40b1b84b16b2ab8d.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/bd67c60ce76f0f3b40b1b84b16b2ab8d
Extracted: C:\0dd1e-readme.txt
  Family: sodinokibi
  URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/97E1C50A97C3FCBF
  URL: http://decryptor.cc/97E1C50A97C3FCBF
Extracted: C:\t72rz83vf-readme.txt
  Family: sodinokibi
  URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5B6E9B7957F638FA
  URL: http://decryptor.cc/5B6E9B7957F638FA
Targets
Target: bd67c60ce76f0f3b40b1b84b16b2ab8d.bat
Size: 215B
MD5: 978c1461e8ec6775c873642c5b834b74
SHA1: 1b1497826b127c246f8dabf76e1b70282de5dd4d
SHA256: 735dd69f2f238ab5aadf794e088d67c71cff9321f753fc47c1c8de4f914567ed
SHA512: 882e9baf4c3404dc69e1a866f9f707cd259be9fff097f69f7aa513a9e0d5e6c9b910f96eebb96d0c8b52607e02cca9f8df3768a85c3b85debdefcbe57cefcd96
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry