General
- Target: 6b344dbcf15e9fffe23ce5307af78070.bat
- Size: 215B
- Sample: 200819-zjblk4fyrx
- MD5: edcaf035412a5f6b004822eeba9ec0bc
- SHA1: 5b65ca011d951eaa8266950415eb13dc55766d40
- SHA256: a7804db792288327cecffcd3cf6d6addf7ab9d7c56fac80b588aa76e96e0c383
- SHA512: 10e58b8f554cca5133ebb0c33800a2de7e063712a791832eaa505379a7897375737f20bad7c7ce0e6ecd1e79e2ab2d5728529fa6a3750f050d56509503474c02
Static task: static1
Behavioral task: behavioral1
- Sample: 6b344dbcf15e9fffe23ce5307af78070.bat
- Resource: win7v200722
Behavioral task: behavioral2
- Sample: 6b344dbcf15e9fffe23ce5307af78070.bat
- Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/6b344dbcf15e9fffe23ce5307af78070
Extracted: C:\7h6tcv2-readme.txt (sodinokibi)
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/1481311B8AFEB78D
- http://decryptor.cc/1481311B8AFEB78D
Extracted: C:\42dh2096-readme.txt (sodinokibi)
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/09D8D1069D6958FB
- http://decryptor.cc/09D8D1069D6958FB
Targets
- Target: 6b344dbcf15e9fffe23ce5307af78070.bat
- Score: 10/10
- Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry