General
Target: 02e935713bd82b8d92596478da846147.bat
Size: 222B
Sample: 200814-577ysl5k1x
MD5: 709373b57a3c4758065b1f72f1a19b2d
SHA1: b820438ee7bcc43e84373b68f9fec3bedc10c25a
SHA256: ab2207ca32e7d0e2434060e8a2d6cb8bf247c9d3174fe86c5c06fb0100c31838
SHA512: d5061ac40ed9258dcb412dcf5eb05fe716affcd44a388b81b9b89e29317f51138fc8e7a13d1f195a5d3647736aea67c66a1d73fb4cff70406851cd2c29f1816f
Static task: static1
Behavioral task: behavioral1
  Sample: 02e935713bd82b8d92596478da846147.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 02e935713bd82b8d92596478da846147.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/02e935713bd82b8d92596478da846147
Extracted: C:\3o0686-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3A852CC17EF37947
  http://decryptor.cc/3A852CC17EF37947
Extracted: C:\69j456788-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A3AEEB525E171025
  http://decryptor.cc/A3AEEB525E171025
Targets
Target: 02e935713bd82b8d92596478da846147.bat
Size: 222B
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry