General
Target: f273d69e572f51a031e40b8c83f3e58b.bat
Size: 222B
Sample: 200812-rmpjfcwlbn
MD5: 8609a1469584fe2c96aa61c898fd08e2
SHA1: 184957747a301ae172a76046daf5480c525a55db
SHA256: add2d6d1bb4a21cb6e1b3266aea269d4e66dbd7999ef070b81760cc64d547bac
SHA512: 2192354833c5c0c07ad79980769ef1090d7232717f9c73c13f16b4558593a9eb3028818dbc564433a41bfc3f092ea1a39cffccf0440a81dbc09ab8f5114162ec
Static task: static1
Behavioral task: behavioral1 (sample f273d69e572f51a031e40b8c83f3e58b.bat, resource win7)
Behavioral task: behavioral2 (sample f273d69e572f51a031e40b8c83f3e58b.bat, resource win10)
Malware Config
Extracted: http://185.103.242.78/pastes/f273d69e572f51a031e40b8c83f3e58b
Extracted from C:\x4hv9t-readme.txt: sodinokibi
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/634D9899C2608FB1
    http://decryptor.cc/634D9899C2608FB1
Extracted from C:\xfkawd-readme.txt: sodinokibi
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BCBA683F8E6DCD73
    http://decryptor.cc/BCBA683F8E6DCD73
Targets
Target: f273d69e572f51a031e40b8c83f3e58b.bat (222B)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry