General
Target: 25670aeb8c557614c06e34c5a9c253e5.bat
Size: 219B
Sample: 200823-tkcsryvf6e
MD5: c052ffa560e4de5251e2ea89d88526b5
SHA1: 5f0a6636545f8107c02801a0a190a1a8c274b190
SHA256: 5949574200b2d571b720bac31031f7a5b01d4224da05e5cd5064156972eba462
SHA512: f5f8fc051da52356820f62fd5088115bb5108d6cb37b2c13f0538816f84247f24d0188988407d8a9351ebd1ed5275a3c74daa49c6c6dcae02241b175a5a79f84
Static task: static1
Behavioral task: behavioral1
  Sample: 25670aeb8c557614c06e34c5a9c253e5.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 25670aeb8c557614c06e34c5a9c253e5.bat
  Resource: win10
Malware Config
Extracted: http://185.103.242.78/pastes/25670aeb8c557614c06e34c5a9c253e5
Extracted: C:\y51yj-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2B4A499010E7BCEC
  http://decryptor.cc/2B4A499010E7BCEC
Extracted: C:\429c34h-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5EBEAD0EEC4F7ACC
  http://decryptor.cc/5EBEAD0EEC4F7ACC
Targets
Target: 25670aeb8c557614c06e34c5a9c253e5.bat
Size: 219B
MD5: c052ffa560e4de5251e2ea89d88526b5
SHA1: 5f0a6636545f8107c02801a0a190a1a8c274b190
SHA256: 5949574200b2d571b720bac31031f7a5b01d4224da05e5cd5064156972eba462
SHA512: f5f8fc051da52356820f62fd5088115bb5108d6cb37b2c13f0538816f84247f24d0188988407d8a9351ebd1ed5275a3c74daa49c6c6dcae02241b175a5a79f84
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry