General

Target: 671ad8514649a9e90db4be04050939fc.bat
Size: 222B
Sample: 200815-4w9d5s8h6j
MD5: ae3b86ee141489a333cd5b79879ce5fb
SHA1: 59fcd2d5b1dc48ea3a135a908d2342f41801c748
SHA256: 9f5a1dc3b6de60187465045347cd822a1442279e6d75aa5b8e08bfe8811619c4
SHA512: 08e7101feb1b8fcc3e48a3b6586279038d039490a198bbfa3c71acfb6c020b917a5941517376d1f7518f8e28b810f871c0401ad2aa0dc5ff86c522a18973d6c7
Static task: static1
Behavioral task: behavioral1 (sample 671ad8514649a9e90db4be04050939fc.bat, resource win7)
Behavioral task: behavioral2 (sample 671ad8514649a9e90db4be04050939fc.bat, resource win10)
Malware Config

Extracted: http://185.103.242.78/pastes/671ad8514649a9e90db4be04050939fc

Extracted from C:\t59qq1s-readme.txt (family: sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FA804DD0DEFEFFDE
  http://decryptor.cc/FA804DD0DEFEFFDE

Extracted from C:\606xjwojaa-readme.txt (family: sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6AD7DD90AE53F818
  http://decryptor.cc/6AD7DD90AE53F818
Targets

Target: 671ad8514649a9e90db4be04050939fc.bat (222B; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10

Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry
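The signature list above names the behaviours the sandbox matched but does not show how such checks are made. The Python below is an added illustration, not part of the sandbox report and not code from the malware: it runs three of the listed checks (mass extension change on user files, ransom-note drop, wallpaper set via the registry) over a constructed list of filesystem and registry events, and pulls the victim-specific URLs out of a constructed note body. Only the two note file names and the URLs under Malware Config are taken from the report; the event list, paths, thresholds and the assumption that the note's prefix equals the appended extension are mine.

```python
"""Sandbox-style behaviour checks for a Sodinokibi-like run (added example)."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = re.compile(r"^[a-z0-9]{4,12}-readme\.txt$", re.IGNORECASE)
ONION_URL = re.compile(r"https?://[a-z2-7]{16,56}\.onion/[A-Za-z0-9]+")
CLEARNET_URL = re.compile(r"https?://decryptor\.cc/[A-Za-z0-9]+")  # host taken from the report
USER_ROOTS = ("c:\\users\\",)

# Constructed events: (action, path, new_path_or_value). Not from the report.
EVENTS = [
    ("rename", r"C:\Users\victim\Documents\budget.xlsx", r"C:\Users\victim\Documents\budget.xlsx.t59qq1s"),
    ("rename", r"C:\Users\victim\Documents\notes.docx", r"C:\Users\victim\Documents\notes.docx.t59qq1s"),
    ("rename", r"C:\Users\victim\Pictures\cat.jpg", r"C:\Users\victim\Pictures\cat.jpg.t59qq1s"),
    ("rename", r"C:\Users\victim\Desktop\todo.txt", r"C:\Users\victim\Desktop\todo.txt.t59qq1s"),
    ("rename", r"C:\Users\victim\Downloads\invoice.pdf", r"C:\Users\victim\Downloads\invoice.pdf.t59qq1s"),
    ("rename", r"C:\Users\victim\Downloads\old.tmp", r"C:\Users\victim\Downloads\old.bak"),  # benign rename
    ("create", r"C:\t59qq1s-readme.txt", None),                      # note name from the report
    ("create", r"C:\Users\victim\Documents\t59qq1s-readme.txt", None),
    ("regset", r"HKCU\Control Panel\Desktop\Wallpaper", r"C:\Users\victim\AppData\Local\Temp\wp.bmp"),
]

# Constructed note body wrapping the two URLs the report extracted.
NOTE_TEXT = (
    "Your files are encrypted. To get the decryptor visit:\n"
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FA804DD0DEFEFFDE\n"
    "or http://decryptor.cc/FA804DD0DEFEFFDE\n"
)


def appended_extensions(events):
    """Count renames of user files that keep the old name and append one suffix
    ('a.docx' -> 'a.docx.<ext>'), with the number of distinct directories per suffix."""
    files, dirs = Counter(), defaultdict(set)
    for action, src, dst in events:
        if action != "rename" or dst is None:
            continue
        if not src.lower().startswith(USER_ROOTS):
            continue
        if not dst.lower().startswith(src.lower() + "."):
            continue  # ordinary rename, not an appended suffix
        ext = dst[len(src) + 1:].lower()
        files[ext] += 1
        dirs[ext].add(str(PureWindowsPath(src).parent).lower())
    return {ext: (n, len(dirs[ext])) for ext, n in files.items()}


def mass_extension_change(events, min_files=5, min_dirs=2):
    """'Modifies extensions of user files': one suffix appended to many files
    spread over several directories. Thresholds are assumptions."""
    return sorted(ext for ext, (n, d) in appended_extensions(events).items()
                  if n >= min_files and d >= min_dirs)


def ransom_notes(events):
    """Created files whose name matches the <token>-readme.txt pattern."""
    return [p for a, p, _ in events
            if a == "create" and NOTE_NAME.match(PureWindowsPath(p).name)]


def wallpaper_changes(events):
    """'Sets desktop wallpaper using registry': writes to ...\\Desktop\\Wallpaper."""
    return [v for a, k, v in events
            if a == "regset" and k.lower().endswith(r"\desktop\wallpaper")]


def parse_note(text):
    """Extract the onion and clearnet URLs; the trailing path segment is the victim ID."""
    onion = ONION_URL.search(text)
    clear = CLEARNET_URL.search(text)
    victim_id = onion.group(0).rsplit("/", 1)[1] if onion else None
    return {"onion": onion.group(0) if onion else None,
            "clearnet": clear.group(0) if clear else None,
            "victim_id": victim_id}


def triage(events, note_text):
    """Combine the checks; the prefix/extension correlation is an assumed family trait."""
    exts = mass_extension_change(events)
    notes = ransom_notes(events)
    prefixes = {PureWindowsPath(p).name.lower().split("-")[0] for p in notes}
    return {
        "mass_extension_change": exts,
        "ransom_notes": notes,
        "note_prefix_matches_extension": bool(set(exts) & prefixes),
        "wallpaper": wallpaper_changes(events),
        "note": parse_note(note_text),
    }


if __name__ == "__main__":
    for k, v in triage(EVENTS, NOTE_TEXT).items():
        print(f"{k}: {v}")
```

The benign `old.tmp -> old.bak` rename is deliberately excluded by the "old name plus one appended suffix" rule, which is what separates an encryptor's renames from normal file activity; the directory-spread threshold keeps a single folder of test files from firing the signature.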