General
Target: cfc86f216b68d4b768a61dc8091a67ab.bat
Size: 217B
Sample: 200902-w44edhe82x
MD5: 89876aac9d3c6644f7ae3b4cf68d7a1e
SHA1: e37353d60d13106478fd94133ec1ae8b15e51062
SHA256: 146be0d88aa964787807ec908e13f1eb124530caca22ad1c3d80c73761892e90
SHA512: 8ea7a17a997a6b12f0acac1951fe0dc70c57221bd2204173597b951e7bf77b3f1f94a5ded81f074f51cb159d4ebe7bf7db1c207fd4febcfae1183788890ee503
Static task: static1
Behavioral task: behavioral1
Sample: cfc86f216b68d4b768a61dc8091a67ab.bat
Resource: win7
Behavioral task: behavioral2
Sample: cfc86f216b68d4b768a61dc8091a67ab.bat
Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/cfc86f216b68d4b768a61dc8091a67ab
Extracted: C:\g2u6d92-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/73FCEC3F69393DC5
- http://decryptor.cc/73FCEC3F69393DC5
Targets
Target: cfc86f216b68d4b768a61dc8091a67ab.bat (217B; hashes as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry