General
Target: 59757318723e5bcf0dc7acb1e50a016f.bat
Size: 220B
Sample: 200821-1t68pdd5e2
MD5: 3ce440975e6a9f2c1b282370f89d2c24
SHA1: 78649de7adceedaf9701fee3ae23b048df1ae0fb
SHA256: 32fd1da6b6ea751505cb7a81d90fc2f0925a62a78c917262e96fee968b627474
SHA512: 179853fc7cb0339b71778d815c0c2834027bc942a70a832149ce62ce0bd05f99222032affe9c07e01542071dc2ca11343d45ee29945bc6d19cee9d4679953188
Static task: static1

Behavioral task: behavioral1
Sample: 59757318723e5bcf0dc7acb1e50a016f.bat
Resource: win7v200722

Behavioral task: behavioral2
Sample: 59757318723e5bcf0dc7acb1e50a016f.bat
Resource: win10v200722
Malware Config

Extracted: http://185.103.242.78/pastes/59757318723e5bcf0dc7acb1e50a016f

Extracted: C:\4u3501oc6-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5775F44007633814
http://decryptor.cc/5775F44007633814

Extracted: C:\atmf00-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2C1895CC9C2E527E
http://decryptor.cc/2C1895CC9C2E527E
Targets
Target: 59757318723e5bcf0dc7acb1e50a016f.bat
Size: 220B
MD5: 3ce440975e6a9f2c1b282370f89d2c24
SHA1: 78649de7adceedaf9701fee3ae23b048df1ae0fb
SHA256: 32fd1da6b6ea751505cb7a81d90fc2f0925a62a78c917262e96fee968b627474
SHA512: 179853fc7cb0339b71778d815c0c2834027bc942a70a832149ce62ce0bd05f99222032affe9c07e01542071dc2ca11343d45ee29945bc6d19cee9d4679953188
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
Blacklisted process makes network request
Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry