General
Target: 82d5933a7fe8497bb64008a8ad2bdaa6.bat
Size: 220B
Sample: 200819-pj1y771rdx
MD5: 613e281b75ac4b2fdf68a543bf8e3910
SHA1: 04cba786c3f966f0b61a930155de7ccfb85e5edb
SHA256: 697fd96092e104056ff21a7acab7b07da036f4e8d6cb9f672814b51be95591ed
SHA512: 389ba3e5b8d2188f3d1b6acb152607b567c815869ef0435e55e9eaa3ee93e31a692cc647369e21786c56bdd178bc6413f881abfcc2c8b5b38493891a86907dcb
Static task: static1
Behavioral task: behavioral1
  Sample: 82d5933a7fe8497bb64008a8ad2bdaa6.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 82d5933a7fe8497bb64008a8ad2bdaa6.bat
  Resource: win10v200722
Malware Config
Extracted
http://185.103.242.78/pastes/82d5933a7fe8497bb64008a8ad2bdaa6
Extracted
C:\ml005-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2A37A62126565D9D
http://decryptor.cc/2A37A62126565D9D
Extracted
C:\ja1kdhk2-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/60709E04D1E2CABE
http://decryptor.cc/60709E04D1E2CABE
Targets
Target: 82d5933a7fe8497bb64008a8ad2bdaa6.bat
Size: 220B
MD5: 613e281b75ac4b2fdf68a543bf8e3910
SHA1: 04cba786c3f966f0b61a930155de7ccfb85e5edb
SHA256: 697fd96092e104056ff21a7acab7b07da036f4e8d6cb9f672814b51be95591ed
SHA512: 389ba3e5b8d2188f3d1b6acb152607b567c815869ef0435e55e9eaa3ee93e31a692cc647369e21786c56bdd178bc6413f881abfcc2c8b5b38493891a86907dcb
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry