General
Target: ab140e9cdf481895e1fc3230b74a6163.bat
Size: 222B
Sample: 200915-3ltfp9j76s
MD5: 2c0b9ea7ff3eb83f39fbefb161432e0a
SHA1: 660fc5ebdfc2b59488b46f4b4e05873d697a84e0
SHA256: 765c8a1c379b68045e0723ad205edd2ebbdea57c003ec7fb78bb91868ff1d2bd
SHA512: fb4b97e568e0e8204ec9039cbf8f6c808a0f96feca4ff85f2bfec2279e09f3f53a8373035669ee04cc239a10920c2d6864b59ae35eeac04e09384959c36e0577
Static task: static1
Behavioral task: behavioral1 (sample ab140e9cdf481895e1fc3230b74a6163.bat, resource win7)
Behavioral task: behavioral2 (sample ab140e9cdf481895e1fc3230b74a6163.bat, resource win10)
Malware Config
Extracted: http://185.103.242.78/pastes/ab140e9cdf481895e1fc3230b74a6163
Extracted (family: sodinokibi)
Ransom note: C:\ihcc6n0-readme.txt
URL: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0BB4174AE31E53C1
URL: http://decryptor.cc/0BB4174AE31E53C1
Targets
Target: ab140e9cdf481895e1fc3230b74a6163.bat (same file and hashes as in the General section above)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry
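The signatures above are the sandbox's verdicts; a responder sweeping other hosts needs them as concrete matching rules. The Python below is an added example, not part of this report and not the sandbox's own tooling. It embeds the indicators listed in the report, derives the expected encrypted-file extension from the ransom-note name using the REvil/Sodinokibi convention of naming the note `<extension>-readme.txt` (an inference from the family's known behaviour, not something the report states), and maps a constructed, simplified event stream onto the report's signature names. The event dict format, its field names and the sample events are invented for the example and are not Sysmon or EDR output. Because a 222 B batch file cannot contain the ransomware itself, the example treats the extracted 185.103.242.78 URL as the stage-1 fetch location.

```python
"""Host triage against the IOCs in this sandbox report.

Added example, not the report's or the sandbox's own code. The event
format consumed by triage() is constructed for this example and does
not correspond to any real telemetry product.
"""
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report (General and Malware Config sections).
IOCS = {
    "md5": "2c0b9ea7ff3eb83f39fbefb161432e0a",
    "sha1": "660fc5ebdfc2b59488b46f4b4e05873d697a84e0",
    "sha256": "765c8a1c379b68045e0723ad205edd2ebbdea57c003ec7fb78bb91868ff1d2bd",
    "sha512": "fb4b97e568e0e8204ec9039cbf8f6c808a0f96feca4ff85f2bfec2279e09f3f5"
              "3a8373035669ee04cc239a10920c2d6864b59ae35eeac04e09384959c36e0577",
    "stage1_url": "http://185.103.242.78/pastes/ab140e9cdf481895e1fc3230b74a6163",
    "ransom_note": r"C:\ihcc6n0-readme.txt",
    "payment_urls": (
        "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0BB4174AE31E53C1",
        "http://decryptor.cc/0BB4174AE31E53C1",
    ),
}
STAGE1_HOST = "185.103.242.78"

# REvil/Sodinokibi names its note "<ext>-readme.txt", <ext> being the extension
# it appends to encrypted files. Deriving ".ihcc6n0" from the note path is an
# inference from that convention; the report itself only lists the note path.
NOTE_RE = re.compile(r"([0-9a-z]+)-readme\.txt$", re.IGNORECASE)
ENCRYPTED_EXT = "." + NOTE_RE.search(IOCS["ransom_note"]).group(1).lower()

# Root of a drive, e.g. "D:\" (used for the drive-enumeration signature).
DRIVE_ROOT_RE = re.compile(r"[A-Z]:\\")


def matches_sample(data: bytes) -> dict:
    """Compare a candidate file's digests with the four hashes in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() == IOCS[alg]
            for alg in ("md5", "sha1", "sha256", "sha512")}


def triage(events):
    """Map host events onto the report's signature names.

    Each event is a dict with a "type" key; see SAMPLE_EVENTS for the
    constructed shapes. Returns {signature_name: [matching events]}.
    """
    hits = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "net_connect" and ev.get("dst_ip") == STAGE1_HOST:
            hits["Blacklisted process makes network request"].append(ev)
        elif kind == "file_rename" and ev["new"].lower().endswith(ENCRYPTED_EXT):
            hits["Modifies extensions of user files"].append(ev)
        elif kind == "file_create" and NOTE_RE.search(ev["path"]):
            hits["Drops ransom note"].append(ev)  # label local to this example
        elif (kind == "reg_set"
              and ev["key"].lower().endswith(r"control panel\desktop")
              and ev["value"].lower() == "wallpaper"):
            hits["Sets desktop wallpaper using registry"].append(ev)
        elif (kind == "file_read" and DRIVE_ROOT_RE.fullmatch(ev["path"])
              and not ev["path"].upper().startswith("C:")):
            hits["Enumerates connected drives"].append(ev)
    return dict(hits)


# Constructed events illustrating each behaviour; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "net_connect", "image": r"C:\Windows\System32\cmd.exe",
     "dst_ip": "185.103.242.78", "dst_port": 80},
    {"type": "net_connect", "image": r"C:\Program Files\Browser\browser.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},  # benign, ignored
    {"type": "file_read", "path": "D:\\"},
    {"type": "file_rename", "old": r"C:\Users\u\Documents\q3.xlsx",
     "new": r"C:\Users\u\Documents\q3.xlsx.ihcc6n0"},
    {"type": "file_create", "path": r"C:\Users\u\Documents\ihcc6n0-readme.txt"},
    {"type": "reg_set", "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper",
     "data": r"C:\Users\u\AppData\Local\Temp\wallpaper.bmp"},
]

if __name__ == "__main__":
    for name, evs in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
    print("hash match:", matches_sample(b"not the sample"))
```

Run against real telemetry, the network rule should key on the full URL or host plus path rather than the bare IP, since shared hosting behind 185.103.242.78 would otherwise produce false positives; the extension rule is the most reliable of the five because REvil writes that extension to every file it touches.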