General
Target: 703f05dca6cfaba3626152c6d4d1fcd6.bat
Size: 220B
Sample: 200829-aey3r2slqa
MD5: 0a6ac1495b26f97102dc547e02722707
SHA1: a15c39e75f663c0e0ee152ac9c09541ffd6d1221
SHA256: 25ef88f973e50b6cd72f2dd572618de7302e12a2925429568598205dc85a9585
SHA512: 04b8fffa2dc6bb4b867392c307ae9472849b6872b8fca42568fec4ee07e76d09f41ff16007725b36a86ce3f45fabd6c5f86ac2ff26c71805cd11213bff539c2a
Static task: static1
Behavioral task: behavioral1
  Sample: 703f05dca6cfaba3626152c6d4d1fcd6.bat
  Resource: win7
Behavioral task: behavioral2
  Sample: 703f05dca6cfaba3626152c6d4d1fcd6.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/703f05dca6cfaba3626152c6d4d1fcd6
Extracted: C:\5i0ubx-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2122EC22BD4D0BB7
  http://decryptor.cc/2122EC22BD4D0BB7
Targets
Target: 703f05dca6cfaba3626152c6d4d1fcd6.bat
Size: 220B
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry