General
Target: 9842da71e658da87f135c517a3f7aba2.bat
Size: 219B
Sample: 200815-hj2glw6lrs
MD5: 5acf7c3e584d3bebc79930940e9cbb00
SHA1: 37f0819fd07164c0b419c2947e43fd06a07fc83a
SHA256: 62059583f678cc07ba6d42a856ff79d0747e13f0d1b2b6e2c75ec316bf47d686
SHA512: c6cdf567391326815253277475a921f2f454c434324592a63c91a9e08818806e223dcbc41e345debf124611a9df1474829bdbd11057e6120038292774ee5b5b8
Static task: static1
Behavioral task: behavioral1
  Sample: 9842da71e658da87f135c517a3f7aba2.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 9842da71e658da87f135c517a3f7aba2.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/9842da71e658da87f135c517a3f7aba2
Extracted: C:\h29785m8-readme.txt
  Family: sodinokibi
  URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/322534A63754DCD9
  URL: http://decryptor.cc/322534A63754DCD9
Extracted: C:\3b23c7o7-readme.txt
  Family: sodinokibi
  URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/34FE0D736BE2A4D7
  URL: http://decryptor.cc/34FE0D736BE2A4D7
Targets
Target: 9842da71e658da87f135c517a3f7aba2.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry