General
Target: ee784cf3584e7d556683ef667f8905c7.bat
Size: 213B
Sample: 200908-3grsre8ews
MD5: f875790db1a23bbb0f99b5d028e3dcdb
SHA1: be6db7752b70a78736535d0b832da469ee3030d2
SHA256: e7e8cf1b2c56a7d5810b8158b78da915ec54ccaf837e10277a88baf327edac05
SHA512: 1a301a17acfb97cb522278aa77a3d06efa64338931509ce8a49431d481954a2f209bb5b41a25daae11c59de88eb232f702c5559a9b52f04f20f0aaee0f6b42d7
Static task: static1
Behavioral task: behavioral1
Sample: ee784cf3584e7d556683ef667f8905c7.bat
Resource: win7
Behavioral task: behavioral2
Sample: ee784cf3584e7d556683ef667f8905c7.bat
Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/ee784cf3584e7d556683ef667f8905c7
Extracted: C:\owgae0e-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6301BF5911DE7F8B
http://decryptor.cc/6301BF5911DE7F8B
Targets
Target: ee784cf3584e7d556683ef667f8905c7.bat
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry