General
  Target: 235620e528e879523640f19c8cb5ee8e.bat
  Size: 219B
  Sample: 200815-n179sk7r62
  MD5: 3141305118100484c56608118b0125cd
  SHA1: 6130755f363b7419592d3f30e74854847acbde07
  SHA256: 14e3d246bf04730f371e94114788e30bb4a609324dd115e56411f6a5066b8ea1
  SHA512: f81b732613a643ff65706bc9d3c06fdbd2bdd804661e7899c43f11298145a20a1bfd58c48067e0e218eb789c667ae2c62c278094c89599cd74687a01f758295f
Static task
  static1
Behavioral task
  behavioral1
    Sample: 235620e528e879523640f19c8cb5ee8e.bat
    Resource: win7v200722
Behavioral task
  behavioral2
    Sample: 235620e528e879523640f19c8cb5ee8e.bat
    Resource: win10v200722
Malware Config
  Extracted
    http://185.103.242.78/pastes/235620e528e879523640f19c8cb5ee8e
  Extracted
    C:\6s33g-readme.txt
    sodinokibi
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/574697AA7F64A4F2
    http://decryptor.cc/574697AA7F64A4F2
  Extracted
    C:\huj40pji59-readme.txt
    sodinokibi
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E4C4D3882405CF52
    http://decryptor.cc/E4C4D3882405CF52
Targets
  Target: 235620e528e879523640f19c8cb5ee8e.bat
  Size: 219B
  MD5: 3141305118100484c56608118b0125cd
  SHA1: 6130755f363b7419592d3f30e74854847acbde07
  SHA256: 14e3d246bf04730f371e94114788e30bb4a609324dd115e56411f6a5066b8ea1
  SHA512: f81b732613a643ff65706bc9d3c06fdbd2bdd804661e7899c43f11298145a20a1bfd58c48067e0e218eb789c667ae2c62c278094c89599cd74687a01f758295f
  Score: 10/10
  Sodin, Sodinokibi, REvil
    Ransomware with advanced anti-analysis and privilege escalation functionality.
  - Blacklisted process makes network request
  - Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  - Enumerates connected drives
  - Drops file in System32 directory
  - Modifies service
  - Sets desktop wallpaper using registry