General
Target: 7cd0bfdb268bef7da1671e95b6f5aa33.bat
Size: 216B
Sample: 200815-va8x64syjs
MD5: a5ff6055fd55ba2b81de2d9b7100ec8a
SHA1: b8df51a999fc532ba49b2f5769ed7b850ca94f75
SHA256: 60f07d4e5bfcf8fc08bf003d47aa6915f9c2dd834aa0b75985106206216a460c
SHA512: 9596d6d408462e5eea678ffa474b6fca135fe71ad024ce6e080ef350ec370c7820585e805e58f44e11cd1fb362badc39878794e505343892c6eb4cbbccbca20d
Static task: static1
Behavioral task: behavioral1
  Sample: 7cd0bfdb268bef7da1671e95b6f5aa33.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 7cd0bfdb268bef7da1671e95b6f5aa33.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/7cd0bfdb268bef7da1671e95b6f5aa33
Extracted: C:\lzv1c-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/525AF2391A87112C
  http://decryptor.cc/525AF2391A87112C
Extracted: C:\860d66w-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3FB5F5D0526F17E3
  http://decryptor.cc/3FB5F5D0526F17E3
Targets
Target: 7cd0bfdb268bef7da1671e95b6f5aa33.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry