General
Target: 16158bc1db4ba8fb8e9a13c34c8a51e1.bat
Size: 216B
Sample: 200812-ttlgt56tae
MD5: bf75953509fd375616976c6eb6f30aff
SHA1: 3bf54cce4abd3c3434b7073e4ebe0f480295923c
SHA256: 5edd7915fd9b57f2643fe8abf646344fccd2efc98d4dcbeab47659b14f59feb4
SHA512: 8362b4f7c808e754bb468b31140b3ec023527e468ec8a9171111f77e39c55a8b04cc3442bc4c334a3cce25e90b9ce5cd14842d7cbd66fef8d6051d02f8e953f9
Static task: static1
Behavioral task: behavioral1
  Sample: 16158bc1db4ba8fb8e9a13c34c8a51e1.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 16158bc1db4ba8fb8e9a13c34c8a51e1.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/16158bc1db4ba8fb8e9a13c34c8a51e1
Extracted: C:\atug0vw6-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F3E42D37D77A1BEC
  http://decryptor.cc/F3E42D37D77A1BEC
Extracted: C:\4v057e0-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/71D027CBC5483D95
  http://decryptor.cc/71D027CBC5483D95
Targets
Target: 16158bc1db4ba8fb8e9a13c34c8a51e1.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry