General
Target: 3defad0fc0a8b4e37a73ffc6d2ea8f2c.bat
Size: 217 B
Sample: 200810-pazdh51w9j
MD5: 2ab61d56f01d736001ccaac50b4175b3
SHA1: eb1e9c14e901a1dc760cf78c692a5ebc095b6bda
SHA256: db2c20d79fbbbaf8f83bee3506d0a2dfa7bcb5fd1e69be9abcf7c0016f0679ed
SHA512: 81c624f718127b9f15c9f5fcc73b8e141263291061054393063974ba20c531574d9bbba856c2b63e0ac40a87067984b82dcd641eadffba3e6b804811bb9316cc
Static task: static1
Behavioral task: behavioral1 (sample 3defad0fc0a8b4e37a73ffc6d2ea8f2c.bat, resource win7v200722)
Behavioral task: behavioral2 (sample 3defad0fc0a8b4e37a73ffc6d2ea8f2c.bat, resource win10v200722)
Malware Config
Extracted: http://185.103.242.78/pastes/3defad0fc0a8b4e37a73ffc6d2ea8f2c
Extracted from C:\9tn257c-readme.txt (sodinokibi):
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/861ABC9D5555F057
- http://decryptor.cc/861ABC9D5555F057
Extracted from C:\0u2zl1sr-readme.txt (sodinokibi):
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D4524545FFD1B6A
- http://decryptor.cc/2D4524545FFD1B6A
Targets
Target: 3defad0fc0a8b4e37a73ffc6d2ea8f2c.bat (same file, size and hashes as listed under General above)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry