General
Target: 398e244bda5a94afa8c2c988f37b2cd6.bat
Size: 215B
Sample: 200819-7t6hpgnmsn
MD5: 3e3fadb01dd3a604d3d369bc51bb3a6f
SHA1: 6afb2f7dbd13b3f1aa3b86fda6dd1e44b513f195
SHA256: dfb5ad14ea6a191cabe5996c4433e3a6b707fb4e5f571a7e6bbc53d6593ee1a7
SHA512: 100b892215e1896a9b372d21fa4769da6cc7698703cc779f2674dc585d3b03633e7f30aae9fdb4011816db41a775b33fe0853d766c308f3af863c1aa82a1c464
Static task: static1
Behavioral task: behavioral1
  Sample: 398e244bda5a94afa8c2c988f37b2cd6.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 398e244bda5a94afa8c2c988f37b2cd6.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/398e244bda5a94afa8c2c988f37b2cd6
Extracted: C:\x04r1y-readme.txt
  Family: sodinokibi
  URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8519576D4C181A85
  URL: http://decryptor.cc/8519576D4C181A85
Extracted: C:\5suarkx96-readme.txt
  Family: sodinokibi
  URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C3AB008315086144
  URL: http://decryptor.cc/C3AB008315086144
Targets
Target: 398e244bda5a94afa8c2c988f37b2cd6.bat
Size: 215B
MD5: 3e3fadb01dd3a604d3d369bc51bb3a6f
SHA1: 6afb2f7dbd13b3f1aa3b86fda6dd1e44b513f195
SHA256: dfb5ad14ea6a191cabe5996c4433e3a6b707fb4e5f571a7e6bbc53d6593ee1a7
SHA512: 100b892215e1896a9b372d21fa4769da6cc7698703cc779f2674dc585d3b03633e7f30aae9fdb4011816db41a775b33fe0853d766c308f3af863c1aa82a1c464
Score: 10/10
  Sodin, Sodinokibi, REvil
    Ransomware with advanced anti-analysis and privilege escalation functionality.
  Blacklisted process makes network request
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Enumerates connected drives
  Modifies service
  Sets desktop wallpaper using registry