General
Target: 01619b049472811b76565ddd589bc9eb.bat
Size: 221B
Sample: 200903-6gn7sqxysn
MD5: 3ab48b49f0f231c470e42900d1a7e59f
SHA1: a25a30cfa56bd61d0484e2a37fd86fb365edf99a
SHA256: d58ef2af3b2f9387c21e0e0b5b81594a995dc4a09e8befa0f0d95700bc9a342c
SHA512: f6a7e33125726389dd01e7cfcce2286050cc48d56b465c719f8d5bfe6facef0fbf83ad47111c52ecd3d67f090e394dfaa842013f71b9b7d81f2c0e8c4e9ab4e5
Static task: static1
Behavioral task: behavioral1
  Sample: 01619b049472811b76565ddd589bc9eb.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 01619b049472811b76565ddd589bc9eb.bat
  Resource: win10v200722
Malware Config
Extracted
http://185.103.242.78/pastes/01619b049472811b76565ddd589bc9eb
Extracted
C:\m6h3sco-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/DFAA79F45525AB35
http://decryptor.cc/DFAA79F45525AB35
Targets
Target: 01619b049472811b76565ddd589bc9eb.bat
Score: 10/10
Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry