General
Target: f273d69e572f51a031e40b8c83f3e58b.bat
Size: 222B
Sample: 200813-ezseeea1pn
MD5: 8609a1469584fe2c96aa61c898fd08e2
SHA1: 184957747a301ae172a76046daf5480c525a55db
SHA256: add2d6d1bb4a21cb6e1b3266aea269d4e66dbd7999ef070b81760cc64d547bac
SHA512: 2192354833c5c0c07ad79980769ef1090d7232717f9c73c13f16b4558593a9eb3028818dbc564433a41bfc3f092ea1a39cffccf0440a81dbc09ab8f5114162ec
Static task: static1
Behavioral task: behavioral1 (Sample: f273d69e572f51a031e40b8c83f3e58b.bat, Resource: win7v200722)
Behavioral task: behavioral2 (Sample: f273d69e572f51a031e40b8c83f3e58b.bat, Resource: win10)
Malware Config
Extracted: http://185.103.242.78/pastes/f273d69e572f51a031e40b8c83f3e58b
Extracted from C:\3333t-readme.txt (family: sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/75209EA47D1D4065
  http://decryptor.cc/75209EA47D1D4065
Extracted from C:\1r32tvi-readme.txt (family: sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C9DA0EA57E115466
  http://decryptor.cc/C9DA0EA57E115466
Targets
Target: f273d69e572f51a031e40b8c83f3e58b.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry