General
-
Target
484333e52a633dd4ddba453c88728166.bat
-
Size
220B
-
Sample
200901-an4235mdbj
-
MD5
78a20a9e11dcafee6975c27337f224f6
-
SHA1
bf2f2d540d8c622f2c35950b2517e06bd1ffa085
-
SHA256
bdb3f36c480f19ec8d2aa9a181d0f606f53586ba44e2065be4b5a94cc4460913
-
SHA512
206fdef2f70c68a78c5a261d15e795faf814384a3124f9dc149ce215eb15e9b2fb7dea1aef79183228a5af6d014bd3dc6cacaaab6b9cbeaf81d95475406717ab
Static task
static1
Behavioral task
behavioral1
Sample
484333e52a633dd4ddba453c88728166.bat
Resource
win7
Behavioral task
behavioral2
Sample
484333e52a633dd4ddba453c88728166.bat
Resource
win10v200722
Malware Config
Extracted
Path
http://185.103.242.78/pastes/484333e52a633dd4ddba453c88728166
Extracted
Path
C:\19887099q-readme.txt
Family
sodinokibi
URLs
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA0CFA7B45EE3878
http://decryptor.cc/CA0CFA7B45EE3878
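As an added example (not part of the sandbox report and not any sandbox's own extractor), the following Python pulls the REvil/Sodinokibi indicators out of a ransom note: the Tor v3 .onion URL, the decryptor.cc mirror and the 16-hex-digit victim ID path segment (CA0CFA7B45EE3878 here) that both URLs share, plus a filename check for the `<id>-readme.txt` naming. The note text is constructed for this example around the two URLs the report extracted; the filename pattern is an assumption generalised from the single name C:\19887099q-readme.txt the report records.

```python
import re

# Constructed ransom-note text for this example. Only the two URLs and the
# victim ID CA0CFA7B45EE3878 come from the sandbox report; the surrounding
# wording is made up here and is not the real note.
SAMPLE_NOTE = (
    "Your files are encrypted.\n"
    "1) Download and install TOR browser\n"
    "2) Open our website: "
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA0CFA7B45EE3878\n"
    "If TOR is blocked, use the mirror: http://decryptor.cc/CA0CFA7B45EE3878\n"
)

# Tor v3 onion service: exactly 56 base32 characters before ".onion".
ONION_URL_RE = re.compile(r"https?://[a-z2-7]{56}\.onion(?:/[A-Za-z0-9]+)?")
# Clearnet mirror seen in the report's extracted config.
CLEARNET_URL_RE = re.compile(r"https?://decryptor\.cc(?:/[A-Za-z0-9]+)?")
# Victim ID: the 16-uppercase-hex path segment shared by both URLs.
VICTIM_ID_RE = re.compile(r"/([0-9A-F]{16})(?![0-9A-Za-z])")
# Assumed generalisation of the report's note name C:\19887099q-readme.txt.
NOTE_NAME_RE = re.compile(r"^[0-9a-z]{4,12}-readme\.txt$", re.IGNORECASE)


def extract_iocs(note_text: str) -> dict:
    """Return onion URLs, clearnet URLs and victim IDs found in a note.

    Lists keep first-seen order and are de-duplicated, so an ID that
    appears in several URLs is reported once.
    """
    onion = list(dict.fromkeys(ONION_URL_RE.findall(note_text)))
    clearnet = list(dict.fromkeys(CLEARNET_URL_RE.findall(note_text)))
    ids = []
    for url in onion + clearnet:
        m = VICTIM_ID_RE.search(url)
        if m and m.group(1) not in ids:
            ids.append(m.group(1))
    return {"onion_urls": onion, "clearnet_urls": clearnet, "victim_ids": ids}


def is_revil_note_name(path: str) -> bool:
    """True if the basename matches the assumed <id>-readme.txt pattern."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return NOTE_NAME_RE.match(name) is not None


def consistent_victim_id(iocs: dict) -> bool:
    """A genuine note carries one ID in every URL; a mismatch means the
    note was tampered with or the parse picked up an unrelated URL."""
    ids = iocs["victim_ids"]
    urls = iocs["onion_urls"] + iocs["clearnet_urls"]
    return len(ids) == 1 and bool(urls) and all(ids[0] in u for u in urls)


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_NOTE)
    print(found)
    print(is_revil_note_name(r"C:\19887099q-readme.txt"))
    print(consistent_victim_id(found))
```

The victim ID is the value worth pivoting on: it is unique per infection and appears in both URLs, so it ties ransom notes found on different hosts to the same campaign without needing the payload itself.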
Targets
-
Target
484333e52a633dd4ddba453c88728166.bat
Score
10/10
-
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
-
Modifies service
-
Sets desktop wallpaper using registry
-
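The "Modifies extensions of user files" signature above is a frequency judgement over many file events rather than a match on one of them. As an added example (not part of the report and not any sandbox's own signature code), the Python below scores a list of rename events and flags the mass-append pattern while ignoring benign renames and non-user paths. The events are constructed here, and the appended extension .19887099q is an assumption inferred from the ransom-note name the report records, not something the report states.

```python
from pathlib import PureWindowsPath

# Constructed rename events (old path -> new path) standing in for what a
# sandbox's file-system monitor would record. The .19887099q suffix is an
# assumption drawn from the report's note name C:\19887099q-readme.txt.
SAMPLE_EVENTS = [
    (r"C:\Users\user\Documents\budget.xlsx", r"C:\Users\user\Documents\budget.xlsx.19887099q"),
    (r"C:\Users\user\Documents\notes.docx", r"C:\Users\user\Documents\notes.docx.19887099q"),
    (r"C:\Users\user\Pictures\holiday.jpg", r"C:\Users\user\Pictures\holiday.jpg.19887099q"),
    (r"C:\Users\user\Desktop\todo.txt", r"C:\Users\user\Desktop\todo.txt.19887099q"),
    (r"C:\Users\user\Downloads\setup.exe", r"C:\Users\user\Downloads\setup.exe.19887099q"),
    # benign noise that the rule must not count
    (r"C:\Users\user\Documents\report.tmp", r"C:\Users\user\Documents\report.docx"),
    (r"C:\Windows\Temp\cache.dat", r"C:\Windows\Temp\cache.dat.bak"),
]

USER_ROOTS = ("C:\\Users\\",)              # only user data counts toward the score
BENIGN_SUFFIXES = {".bak", ".tmp", ".old", ".orig"}


def appended_suffix(old: str, new: str):
    """Return the suffix appended to a file name, or None when the rename
    was not a pure append (report.tmp -> report.docx replaces the extension
    and is ignored here)."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    if new_p.parent != old_p.parent or not new_p.name.startswith(old_p.name + "."):
        return None
    return new_p.name[len(old_p.name):].lower()


def score_extension_changes(events, min_files=4, min_orig_types=2):
    """Group user-file renames by appended suffix and judge the dominant one.

    Returns (flagged, suffix, count). A suffix is flagged when at least
    `min_files` user files carrying at least `min_orig_types` different
    original extensions received it; a backup tool appending .bak to only
    .log files does not look like encryption, a single suffix landing on
    .xlsx, .docx and .jpg does.
    """
    per_suffix = {}  # suffix -> list of original extensions it was appended to
    for old, new in events:
        if not old.startswith(USER_ROOTS):
            continue
        suffix = appended_suffix(old, new)
        if suffix is None or suffix in BENIGN_SUFFIXES:
            continue
        per_suffix.setdefault(suffix, []).append(PureWindowsPath(old).suffix.lower())
    if not per_suffix:
        return (False, None, 0)
    suffix, origs = max(per_suffix.items(), key=lambda kv: len(kv[1]))
    flagged = len(origs) >= min_files and len(set(origs)) >= min_orig_types
    return (flagged, suffix, len(origs))


if __name__ == "__main__":
    print(score_extension_changes(SAMPLE_EVENTS))
```

The thresholds are deliberately low for a sandbox run, where the monitored user profile is small; on a production endpoint they would be raised and combined with a rate over time, since a single burst of appends within seconds is the distinguishing feature.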