General
- Target: 57948d7f2e776c683d1bec54a461ce1d.bat
- Size: 220B
- Sample: 200914-z5nkf219e6
- MD5: f639a0fd02a603ce76b6024956fdc25b
- SHA1: 783590b7e2a89acb69468ac3ece79f3bcf9b6137
- SHA256: 63c63bb4f93c338d10395291b9b6255eb0d16250de46491f572a20284da5a007
- SHA512: 7ff6c69a22632f4adc6dae824d095714bebbe45023f7a961c293a0faa472063b8965c183442977ba54453154d02dade43d2d7c3dd2234bf97e27b1422e81e4bb
Static task: static1
Behavioral task: behavioral1
- Sample: 57948d7f2e776c683d1bec54a461ce1d.bat
- Resource: win7
Behavioral task: behavioral2
- Sample: 57948d7f2e776c683d1bec54a461ce1d.bat
- Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/57948d7f2e776c683d1bec54a461ce1d
Extracted: C:\37fj7cqpj9-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/54CD3F1033C33A4E
- http://decryptor.cc/54CD3F1033C33A4E
Score: 10/10
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry