General

Target: 1c69f4f012b140cb5a8804fe58a41126.bat
Size: 221 B
Sample: 200822-j7tm86vkwe
MD5: 88eb700e439d918adcecb389a5bcf6b8
SHA1: 905eec03268857b86e52a8510eb71ca499d75361
SHA256: a80c7d0195818572a4440425811e01f0f8259566df0d77c4ef7a928c64de77ce
SHA512: 6c1bbe97ea867f670d521a108db6fb0cbde85c34d10b53746b16514eaa58f8e96166e105a2d4d75bfe505af85635e4670bfbdf89f0789bfa5cebdc4bf53a4755
Static task: static1

Behavioral task: behavioral1
Sample: 1c69f4f012b140cb5a8804fe58a41126.bat
Resource: win7v200722

Behavioral task: behavioral2
Sample: 1c69f4f012b140cb5a8804fe58a41126.bat
Resource: win10v200722
Malware Config

Extracted: http://185.103.242.78/pastes/1c69f4f012b140cb5a8804fe58a41126
(The last path component is the sample's own file name without the .bat extension, so the 221-byte batch file appears to act as a downloader for a second stage served from that address; the report does not include what was fetched.)

Extracted from: C:\bfu354-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/46C78E03B01CE246
http://decryptor.cc/46C78E03B01CE246

Extracted from: C:\wy9214j-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/DE4A73E969A070B8
http://decryptor.cc/DE4A73E969A070B8

Both ransom notes point at the same .onion and decryptor.cc hosts and differ only in the 16-hex-character victim ID in the URL path. Sodinokibi names its note after the random extension it appends to encrypted files (bfu354 and wy9214j here), so the two notes come from two separate infections, consistent with one note per behavioral task.
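The indicators above are the kind of thing a responder wants to sweep a host for: the dropper's hashes and any Sodinokibi note with its victim ID. The following is an added example (not part of the sandbox report or of any vendor tool) that checks file bytes against the report's hashes and pulls the extension, hosts and victim ID out of a ransom note. The hash values and URLs are copied from the report; the note body is a constructed stand-in, and the regular expressions for the note name and payment URL are assumptions based on the paths and URLs shown.

```python
"""Triage helpers for the Sodinokibi/REvil indicators in this report.

Added example, not part of the sandbox report or of any vendor tool. It
assumes only the Python standard library. The hash values and URLs are the
ones listed in the report; the ransom-note body below is a constructed
stand-in, not text recovered from the sample.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# File hashes of the 221-byte batch dropper as listed under General.
REPORT_HASHES = {
    "md5": "88eb700e439d918adcecb389a5bcf6b8",
    "sha1": "905eec03268857b86e52a8510eb71ca499d75361",
    "sha256": "a80c7d0195818572a4440425811e01f0f8259566df0d77c4ef7a928c64de77ce",
}

# Sodinokibi names its note "<extension>-readme.txt", where <extension> is the
# random token appended to encrypted files (bfu354 and wy9214j in this report).
# Assumed pattern: 4 to 10 alphanumerics.
NOTE_NAME = re.compile(r"^(?P<ext>[a-z0-9]{4,10})-readme\.txt$", re.IGNORECASE)

# Victim-specific payment URLs: a v3 .onion host or decryptor.cc, then a
# 16-hex-character victim ID such as 46C78E03B01CE246.
PAYMENT_URL = re.compile(
    r"https?://(?P<host>[a-z2-7]{56}\.onion|decryptor\.cc)/(?P<vid>[0-9A-F]{16})\b"
)

# Constructed note body (assumption: a real note carries more text around these lines).
CONSTRUCTED_NOTE = """---=== Welcome. Again. ===---
All files on your computer have the extension bfu354.
b) Open the Tor browser. Copy the link:
   http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/46C78E03B01CE246
b) Open our secondary website: http://decryptor.cc/46C78E03B01CE246
"""


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of a byte string, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True when all three report hashes match the given bytes."""
    return hash_bytes(data) == REPORT_HASHES


def parse_note(path: str, text: str) -> dict:
    """Extract per-victim indicators from a ransom note.

    The extension comes from the file name; hosts and victim IDs come from
    the payment URLs in the body. A genuine note repeats one victim ID on
    both the .onion and the clearnet host.
    """
    m = NOTE_NAME.match(PureWindowsPath(path).name)
    found = PAYMENT_URL.findall(text)          # [(host, victim_id), ...]
    hosts = [host for host, _ in found]
    ids = sorted({vid for _, vid in found})
    return {
        "extension": m.group("ext") if m else None,
        "hosts": hosts,
        "victim_ids": ids,
        "consistent": m is not None and len(ids) == 1 and len(hosts) >= 2,
    }


def scan_entries(entries) -> dict:
    """Classify (path, bytes) pairs: dropper hash matches and ransom notes found.

    Wrap with os.walk or Path.rglob to run over a real volume; keeping the
    core on in-memory pairs keeps it testable offline.
    """
    result = {"dropper": [], "notes": {}}
    for path, data in entries:
        if matches_report(data):
            result["dropper"].append(path)
        note = parse_note(path, data.decode("utf-8", "replace"))
        if note["extension"] and note["victim_ids"]:
            result["notes"][path] = note
    return result


if __name__ == "__main__":
    print(scan_entries([(r"C:\bfu354-readme.txt", CONSTRUCTED_NOTE.encode())]))
```

The victim ID, not the extension, is the value worth recording per host: the extension is regenerated per infection, while the ID is what the operators key the payment portal on, so two notes with different IDs (as in this report) are two separate encryptions.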
Targets

Target: 1c69f4f012b140cb5a8804fe58a41126.bat (221 B; hashes as listed under General)
Score: 10/10

Sodin, Sodinokibi, REvil (aliases of the same family)
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
- Blacklisted process makes network request: a process the sandbox treats as commonly abused (script interpreters and other living-off-the-land system binaries) made an outbound connection, which fits a batch script whose only extracted configuration is a download URL.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files; here the notes indicate bfu354 and wy9214j.
- Enumerates connected drives: the sample lists attached volumes, which ransomware does to find further files to encrypt, including removable and mapped drives.
- Modifies service: a Windows service was reconfigured or stopped; REvil's configuration carries a list of services to stop before encryption so that backups and open database files do not get in the way.
- Sets desktop wallpaper using registry: the Wallpaper value under HKCU\Control Panel\Desktop is rewritten, typically to display the ransom demand.
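The signatures above are sandbox observations, but most of them map onto host telemetry a defender already collects. The following is an added example (not part of the sandbox report or of any SIEM product) of a detection pass over Sysmon-style events: it raises the network-request, wallpaper, service, ransom-note and mass-extension-change signatures over a constructed event stream. The event field names, the process paths, the blocklist of script hosts and the rename threshold are assumptions; only the IP address and the note file name are taken from the report. "Enumerates connected drives" is an API-level observation this file-and-registry event model cannot see, so it has no rule.

```python
"""Toy detection pass over process-activity events for the behaviours this
report flags.

Added example, not part of the sandbox report or of any SIEM product. It
assumes Sysmon-like events already normalised to dicts with the fields
event, image, target (and old/new for renames); the event stream below is
constructed to mimic the report's findings, it is not telemetry from the
sample.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Script hosts and other commonly abused binaries: a network connection from
# one of these is suspicious on its own (assumed blocklist, not the sandbox's).
BLOCKLISTED_IMAGES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WALLPAPER_KEY = "\\control panel\\desktop\\wallpaper"
SERVICES_KEY = "\\currentcontrolset\\services\\"
RENAME_THRESHOLD = 5  # renames to one new extension by one process (assumed)


def _name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def _ext(path: str) -> str:
    return PureWindowsPath(path).suffix.lower()


def detect(events) -> list:
    """Return sorted (signature, image) pairs raised over the event stream."""
    hits = set()
    renames = defaultdict(Counter)  # image -> Counter of new extensions
    for e in events:
        kind, image = e["event"], e["image"]
        if kind == "NetworkConnect" and _name(image) in BLOCKLISTED_IMAGES:
            hits.add(("Blacklisted process makes network request", image))
        elif kind == "RegistryValueSet":
            target = e["target"].lower()
            # explorer.exe writes this value when the user picks a wallpaper;
            # any other writer is worth a look.
            if target.endswith(WALLPAPER_KEY) and _name(image) != "explorer.exe":
                hits.add(("Sets desktop wallpaper using registry", image))
            if SERVICES_KEY in target:
                hits.add(("Modifies service", image))
        elif kind == "FileCreate" and _name(e["target"]).endswith("-readme.txt"):
            hits.add(("Drops ransom note", image))
        elif kind == "FileRename":
            old, new = _ext(e["old"]), _ext(e["new"])
            if new and new != old:
                renames[image][new] += 1
    # Many renames to a single new extension from one process is the encryption tell.
    for image, counts in renames.items():
        ext, n = counts.most_common(1)[0]
        if n >= RENAME_THRESHOLD:
            hits.add((f"Modifies extensions of user files ({ext})", image))
    return sorted(hits)


PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\payload.exe"   # assumed path
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events (IP and note name taken from the report, the rest assumed).
CONSTRUCTED_EVENTS = [
    {"event": "NetworkConnect", "image": POWERSHELL, "target": "185.103.242.78:80"},
    {"event": "RegistryValueSet", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Control Panel\Desktop\Wallpaper"},  # benign: user action
    {"event": "RegistryValueSet", "image": PAYLOAD,
     "target": r"HKCU\Control Panel\Desktop\Wallpaper"},
    {"event": "RegistryValueSet", "image": PAYLOAD,
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\VSS\Start"},
    {"event": "FileRename", "image": r"C:\Program Files\Office\winword.exe",
     "old": r"C:\Users\victim\Documents\~tmp1.tmp",
     "new": r"C:\Users\victim\Documents\report.docx"},  # benign: single rename
    {"event": "FileCreate", "image": PAYLOAD, "target": r"C:\bfu354-readme.txt"},
] + [
    {"event": "FileRename", "image": PAYLOAD,
     "old": rf"C:\Users\victim\Documents\file{i}.docx",
     "new": rf"C:\Users\victim\Documents\file{i}.docx.bfu354"}
    for i in range(6)
]

if __name__ == "__main__":
    for sig, image in detect(CONSTRUCTED_EVENTS):
        print(f"{sig:<48} {image}")
```

The rename rule is the one to tune: a single process renaming many files to one extension it did not own before is rare outside installers and archivers, so start with a low threshold and an allowlist for those, rather than raising the threshold until the rule goes quiet.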