General
- Target: 6bfe2bf5d32adbdaa5ef03bf7c3652cf.bat
- Size: 215B
- Sample: 200818-d9jpehclts
- MD5: 4ff9830e5ccfee8915f14f83fe8f1918
- SHA1: 0efe2413519a6ce400cc4042ee029c2b84b73b25
- SHA256: 6e19ccbb3e491327f4ddebd05fd7ce6c87d9a94acd5851b856569ecb1a17a347
- SHA512: 222eeadcd7acf048a6e5cd50d5df143c63f1200f9bc571333aff360ba7e88453152e071383d1f6d68fc889556beb01b931f08305d5daaa4ed1e697be60920108
Static task: static1
Behavioral task: behavioral1
- Sample: 6bfe2bf5d32adbdaa5ef03bf7c3652cf.bat
- Resource: win7v200722
Behavioral task: behavioral2
- Sample: 6bfe2bf5d32adbdaa5ef03bf7c3652cf.bat
- Resource: win10v200722
Malware Config
Extracted
- URL: http://185.103.242.78/pastes/6bfe2bf5d32adbdaa5ef03bf7c3652cf
Extracted
- Path: C:\21bh2n-readme.txt
- Family: sodinokibi
- URLs: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/176BEE8C9B811708, http://decryptor.cc/176BEE8C9B811708
Extracted
- Path: C:\zs2qv453-readme.txt
- Family: sodinokibi
- URLs: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5E4685867457647, http://decryptor.cc/B5E4685867457647
Targets
- Target: 6bfe2bf5d32adbdaa5ef03bf7c3652cf.bat
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry