General
- Target: 058f5b8d291ac79c2bb7a3f231e3b5d8.bat
- Size: 217B
- Sample: 200819-h1y7lxlkjx
- MD5: ac5dca786af1760da0a1d3554009dc33
- SHA1: 983a1634a67dbebf5f835d167ba968f2daf3efb9
- SHA256: fc1242a015ede6e41e186c71d0d5d545e49007e5a804d178aa7114fad7ecd189
- SHA512: 5eae6e71fa72edefd9a1373baa4add4e9dd9fc6ad2e7410f83fb56b1ec10633b5bf2d296016857c9667564ee1043a9207f7dc8ff0dab8b363598902eb1f8c611
Static task: static1
Behavioral task: behavioral1 (Sample: 058f5b8d291ac79c2bb7a3f231e3b5d8.bat, Resource: win7)
Behavioral task: behavioral2 (Sample: 058f5b8d291ac79c2bb7a3f231e3b5d8.bat, Resource: win10)
Malware Config
- Extracted: http://185.103.242.78/pastes/058f5b8d291ac79c2bb7a3f231e3b5d8
- Extracted (C:\nhq84-readme.txt, sodinokibi):
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A69ACD13773F7655
  http://decryptor.cc/A69ACD13773F7655
- Extracted (C:\s9m06ipi-readme.txt, sodinokibi):
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E699305EEEC93634
  http://decryptor.cc/E699305EEEC93634
Targets
- Target: 058f5b8d291ac79c2bb7a3f231e3b5d8.bat (217B; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry