General
- Target: d011698f0a0292375484c2ce503fd5f4.bat
- Size: 221B
- Sample: 200822-yk69m46y1s
- MD5: 2620ae9cab8fc22007e8184ba8972c49
- SHA1: fa1095550cb3150a7cadd676bb594e5c60060a2c
- SHA256: 6031919615418117acd8af53074b43ca886e452074663ea10765ae56ff83b813
- SHA512: 8a2b0c4537d60159956ce3edf73f136ee9bd2c7194b0a0dbed17c234df0a8bb5a0effb21752bd9d6d5c7b87e43ae50f7e6fb58e613a9e61533b0b7274dfe8ebe
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: d011698f0a0292375484c2ce503fd5f4.bat
  - Resource: win7v200722
- Behavioral task: behavioral2
  - Sample: d011698f0a0292375484c2ce503fd5f4.bat
  - Resource: win10
Malware Config
- Extracted: http://185.103.242.78/pastes/d011698f0a0292375484c2ce503fd5f4
- Extracted: C:\ae5ba-readme.txt
  - Family: sodinokibi
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3A11937213753CE2
  - http://decryptor.cc/3A11937213753CE2
- Extracted: C:\8g4frqd169-readme.txt
  - Family: sodinokibi
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/09D8D1069D6958FB
  - http://decryptor.cc/09D8D1069D6958FB
Targets
- Target: d011698f0a0292375484c2ce503fd5f4.bat
- Size: 221B
- MD5: 2620ae9cab8fc22007e8184ba8972c49
- SHA1: fa1095550cb3150a7cadd676bb594e5c60060a2c
- SHA256: 6031919615418117acd8af53074b43ca886e452074663ea10765ae56ff83b813
- SHA512: 8a2b0c4537d60159956ce3edf73f136ee9bd2c7194b0a0dbed17c234df0a8bb5a0effb21752bd9d6d5c7b87e43ae50f7e6fb58e613a9e61533b0b7274dfe8ebe
- Score: 10/10

Signatures
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry