General
Target: 148191c5edb43b691f1df387dc563507.bat
Size: 216B
Sample: 200822-jhk73jncc2
MD5: 136cfde5a2f54a7d8742d25570058e5c
SHA1: 4c5f2992b01fa216311c261996c0ac751485f533
SHA256: 9988e330f6441a383a3c4b89544670f2ea60dbb9c587cb938fe71dee77003391
SHA512: 5328bc43411d7761f39c13c213cb10f6da9b81be55e8031ab77ca34fd1aeeac7d0290cd86ba0951d5f232e43fd3a738a54c601dd0c1518481750758e2611eca3
Static task: static1
Behavioral task: behavioral1
  Sample: 148191c5edb43b691f1df387dc563507.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 148191c5edb43b691f1df387dc563507.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/148191c5edb43b691f1df387dc563507
Extracted: C:\059f116e4g-readme.txt (sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3CE3B07FC7BDE577
  http://decryptor.cc/3CE3B07FC7BDE577
Extracted: C:\30972ehjnb-readme.txt (sodinokibi)
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/847FCBD1B7E34899
  http://decryptor.cc/847FCBD1B7E34899
Targets
Target: 148191c5edb43b691f1df387dc563507.bat
Size: 216B
MD5: 136cfde5a2f54a7d8742d25570058e5c
SHA1: 4c5f2992b01fa216311c261996c0ac751485f533
SHA256: 9988e330f6441a383a3c4b89544670f2ea60dbb9c587cb938fe71dee77003391
SHA512: 5328bc43411d7761f39c13c213cb10f6da9b81be55e8031ab77ca34fd1aeeac7d0290cd86ba0951d5f232e43fd3a738a54c601dd0c1518481750758e2611eca3
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry