General
Target: 907a9dfa1ee12bc85669faaf78bbcea4.bat
Size: 214B
Sample: 200928-vbcgjpbs12
MD5: e1fe18d046cfe61c5f33836a8a3f7787
SHA1: ac46f9af46ba6f847df4627fbfbff3e4f7641305
SHA256: 17c07801ef59676f056659dea9953b977b2950d02f48bbc4160ea748a71426aa
SHA512: 1799090232c52da264281d4117b1f76262d752469de2ded0db8176acde4af6c31ba7fe37bfe0339075506884e11e564726d197e27bfeb9df1d7a27487500a9d2
Static task: static1
Behavioral task: behavioral1
  Sample: 907a9dfa1ee12bc85669faaf78bbcea4.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 907a9dfa1ee12bc85669faaf78bbcea4.bat
  Resource: win10
Malware Config
Extracted
http://185.103.242.78/pastes/907a9dfa1ee12bc85669faaf78bbcea4
Extracted
C:\8038l-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EBF382E9B45D1AA0
http://decryptor.cc/EBF382E9B45D1AA0
Targets
Target: 907a9dfa1ee12bc85669faaf78bbcea4.bat
Size: 214B
MD5: e1fe18d046cfe61c5f33836a8a3f7787
SHA1: ac46f9af46ba6f847df4627fbfbff3e4f7641305
SHA256: 17c07801ef59676f056659dea9953b977b2950d02f48bbc4160ea748a71426aa
SHA512: 1799090232c52da264281d4117b1f76262d752469de2ded0db8176acde4af6c31ba7fe37bfe0339075506884e11e564726d197e27bfeb9df1d7a27487500a9d2
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry