General
Target
9e35cd287a986dd3eab0fd5413dbbfb3.bat
Size
215B
Sample
200829-9k42gq11g6
MD5
d14242bd9a927a641dc49bf913b5b570
SHA1
b031b26dd6d89c5672b9cb2f7fe66d650222a687
SHA256
755c35484b2236919e799e05687ca2aff151593f39c9deee51c33f6f33c97c7a
SHA512
ff13f23ffa4f9e0e568b9eb7aacfe9340d72e46dac773d51356b26b5323102c8d016f4c87ff6cb2d3d886961dd335382f37d88f27b6fac7264ae562079780ab0
Static task
static1
Behavioral task
behavioral1
Sample
9e35cd287a986dd3eab0fd5413dbbfb3.bat
Resource
win7
Behavioral task
behavioral2
Sample
9e35cd287a986dd3eab0fd5413dbbfb3.bat
Resource
win10v200722
Malware Config
Extracted
http://185.103.242.78/pastes/9e35cd287a986dd3eab0fd5413dbbfb3
Extracted
C:\5u9099-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AF6D107408866E7D
http://decryptor.cc/AF6D107408866E7D
Targets
Target
9e35cd287a986dd3eab0fd5413dbbfb3.bat
Score 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry