General
Target: 08f4c5c03fc0cc5d53abc87c636fa352.bat
Size: 221B
Sample: 200928-jx91wta3kx
MD5: 7ee19b8c819ff3a99af00edb39c76594
SHA1: bca4f04f6195e10b42ff3332972479534a08facd
SHA256: cb305053b4e91dec8aedea6cd2cab583157579077bf24200d126be60856abae2
SHA512: 37ef4e655549d664b8385ccdc6749a3322956d61f3f05076ffbdcfdc07d479ddfeeddc5a1ffa710044eb1e4b9a597417df459c9dc6bc1733e7dba5f3061bbb5f
Static task: static1
Behavioral task: behavioral1
  Sample: 08f4c5c03fc0cc5d53abc87c636fa352.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 08f4c5c03fc0cc5d53abc87c636fa352.bat
  Resource: win10v200722
Malware Config
Extracted: http://185.103.242.78/pastes/08f4c5c03fc0cc5d53abc87c636fa352
Extracted: C:\b2wp3hgp2i-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EF643CC24900CB20
  http://decryptor.cc/EF643CC24900CB20
Targets
Target: 08f4c5c03fc0cc5d53abc87c636fa352.bat
Size: 221B
Score: 10/10
Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry