General
- Target: a87639941dd963a944a448c5da3a1d22.bat
- Size: 216B
- Sample: 200908-cjd39e1fyx
- MD5: 4e24b08cc0bb74713a5fdd1a9b647461
- SHA1: 7d9b9ccee1269dd27297d2b5000f34d5b2e8231b
- SHA256: f4dce5d134eceafacb29f6c45d8fb6155a7e5be430516a0df8f91495b8836abf
- SHA512: b582aeb8a2b04d4926849e945d27f1690c361d33a79e4ebaced85532af32153aa8e2b5d040d021eb1f95d435c436501199b8c92005418b5916e077a0fc71f40c
Static task: static1
Behavioral task: behavioral1
- Sample: a87639941dd963a944a448c5da3a1d22.bat
- Resource: win7
Behavioral task: behavioral2
- Sample: a87639941dd963a944a448c5da3a1d22.bat
- Resource: win10v200722
Malware Config
Extracted:
- http://185.103.242.78/pastes/a87639941dd963a944a448c5da3a1d22
Extracted:
- C:\hnvlhb1-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CA0CFA7B45EE3878
- http://decryptor.cc/CA0CFA7B45EE3878
Targets
- Target: a87639941dd963a944a448c5da3a1d22.bat
- Score: 10/10
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry