General
Target: 87f461a62a7de4013da81005cdc4ac08.bat
Size: 213B
Sample: 200929-4pm7cngybs
MD5: b80441d6d88bed0ea2c4aee192320ab0
SHA1: cc5062b68194e72fcc39d78ec794eef77c631e11
SHA256: 3f89ce5be773c28644ec626cd94037a02958f69cb9a571c6c69788af498e06c4
SHA512: fd370a4178ed0204241dd84df0e234b4c971c27ef8d6d7a423a1a1e0679ffd82d3879642f9d484f0089ea11785361104073fae26f860dbabd594b8300de3bd35
Static task: static1
Behavioral task: behavioral1 (sample: 87f461a62a7de4013da81005cdc4ac08.bat, resource: win7v200722)
Behavioral task: behavioral2 (sample: 87f461a62a7de4013da81005cdc4ac08.bat, resource: win10)
Malware Config
Extracted: http://185.103.242.78/pastes/87f461a62a7de4013da81005cdc4ac08
Extracted: C:\91ol0-readme.txt (ransom note)
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3CE2AD4ABB424937
http://decryptor.cc/3CE2AD4ABB424937
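The report above is a flat, one-field-per-line dump, which is awkward to feed into a blocklist or a hunt. The following is an added example (not part of the sandbox report or the analysed sample): a small parser that walks that layout, validates each digest against its expected length so a truncated hash is flagged instead of silently shipped as an indicator, buckets URLs, Windows paths and the family name, and defangs URLs for sharing. The REPORT_TEXT input is the General and Malware Config blocks copied from this page; KNOWN_FAMILIES is an assumption, not a field of the report.

```python
"""Pull IOCs out of a flattened sandbox report (added example; not part of the report)."""
import re

# Constructed input: the "General" and "Malware Config" blocks of the report above,
# pasted in the flat key/value form the page shows.
REPORT_TEXT = """\
General
Target
87f461a62a7de4013da81005cdc4ac08.bat
Size
213B
Sample
200929-4pm7cngybs
MD5
b80441d6d88bed0ea2c4aee192320ab0
SHA1
cc5062b68194e72fcc39d78ec794eef77c631e11
SHA256
3f89ce5be773c28644ec626cd94037a02958f69cb9a571c6c69788af498e06c4
SHA512
fd370a4178ed0204241dd84df0e234b4c971c27ef8d6d7a423a1a1e0679ffd82d3879642f9d484f0089ea11785361104073fae26f860dbabd594b8300de3bd35
Malware Config
Extracted
http://185.103.242.78/pastes/87f461a62a7de4013da81005cdc4ac08
Extracted
C:\\91ol0-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3CE2AD4ABB424937
http://decryptor.cc/3CE2AD4ABB424937
"""

# Expected hex digest lengths; a digest of the wrong length is a copy/paste error, not an IOC.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumption: family labels this helper recognises when they appear as a bare line.
KNOWN_FAMILIES = {"sodinokibi", "revil", "sodin"}


def parse_report(text: str) -> dict:
    """Walk the line-per-field layout and bucket each value by kind."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    iocs = {"target": None, "hashes": {}, "urls": [], "files": [], "family": None, "errors": []}
    i = 0
    while i < len(lines):
        key = lines[i]
        if key in HASH_LEN and i + 1 < len(lines):
            value = lines[i + 1].lower()
            if len(value) == HASH_LEN[key] and HEX_RE.match(value):
                iocs["hashes"][key] = value
            else:
                iocs["errors"].append(f"{key}: bad digest {lines[i + 1]!r}")
            i += 2
            continue
        if key == "Target" and i + 1 < len(lines):
            iocs["target"] = lines[i + 1]
            i += 2
            continue
        if URL_RE.match(key):
            iocs["urls"].append(key)
        elif WIN_PATH_RE.match(key):
            iocs["files"].append(key)
        elif key.lower() in KNOWN_FAMILIES:
            iocs["family"] = key.lower()
        i += 1
    return iocs


def defang(url: str) -> str:
    """hxxp://1.2.3[.]4 style so the indicator cannot be clicked by accident."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    host = host.replace(".", "[.]")
    return f"{scheme.replace('http', 'hxxp')}://{host}" + (f"/{path}" if path else "")


if __name__ == "__main__":
    result = parse_report(REPORT_TEXT)
    for kind in ("target", "family", "hashes", "files", "errors"):
        print(kind, result[kind])
    for u in result["urls"]:
        print("url", defang(u))
```

The parser deliberately keeps the `errors` list separate from `hashes`: when an analyst re-types a digest from a screenshot or a PDF, the most common failure is a dropped character, and a 63-character "SHA256" pushed into a blocklist will never match anything.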
Targets
Target: 87f461a62a7de4013da81005cdc4ac08.bat
Size: 213B
MD5: b80441d6d88bed0ea2c4aee192320ab0
SHA1: cc5062b68194e72fcc39d78ec794eef77c631e11
SHA256: 3f89ce5be773c28644ec626cd94037a02958f69cb9a571c6c69788af498e06c4
SHA512: fd370a4178ed0204241dd84df0e234b4c971c27ef8d6d7a423a1a1e0679ffd82d3879642f9d484f0089ea11785361104073fae26f860dbabd594b8300de3bd35
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry
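Two of the signatures above (a blacklisted process making a network request, and the wallpaper being set through the registry) and the ransom note path from the Malware Config section map directly onto endpoint telemetry, so they are worth turning into host-side detection rather than leaving them as sandbox verdicts. The following is an added example (not part of the report): detection logic over constructed Sysmon-style events, using the standard Sysmon event IDs (3 = network connect, 11 = file create, 13 = registry value set). The EVENTS list is made up to mirror the signatures and is not telemetry from the sandbox run; SCRIPT_HOSTS is an assumed blocklist of scripting hosts; the `<extension>-readme.txt` note-naming pattern is generalised from the report's own 91ol0-readme.txt. The drive-enumeration and service-modification signatures come from API hooks inside the sandbox and are not visible in these events, so they are not modelled.

```python
"""Match constructed Sysmon-style events against the report's behavioural signatures.
Added example; the records below are invented to mirror the signatures, not taken from the run."""
import re

# Constructed sample events (Sysmon field names). Not from the report.
EVENTS = [
    {"EventID": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationIp": "185.103.242.78", "DestinationPort": 80},
    {"EventID": 11, "Image": r"C:\Users\user\AppData\Local\Temp\payload.exe",
     "TargetFilename": r"C:\91ol0-readme.txt"},
    {"EventID": 11, "Image": r"C:\Users\user\AppData\Local\Temp\payload.exe",
     "TargetFilename": r"C:\Users\user\Documents\report.docx.91ol0"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\payload.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\user\AppData\Local\Temp\abc.bmp"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},  # benign noise
]

# Assumption: scripting/LOLBin hosts treated as "blacklisted" for outbound connections.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Generalised from the report's note name: "<extension>-readme.txt" in the drive root.
NOTE_RE = re.compile(r"\\([0-9a-z]{5,10})-readme\.txt$", re.IGNORECASE)
# The per-user wallpaper value that "Sets desktop wallpaper using registry" refers to.
WALLPAPER_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def match_signatures(events: list) -> dict:
    """Return {signature_name: [matching events]} for every signature that fired."""
    hits = {}
    note_ext = None
    for ev in events:
        eid = ev["EventID"]
        if eid == 3 and basename(ev["Image"]) in SCRIPT_HOSTS:
            hits.setdefault("Blacklisted process makes network request", []).append(ev)
        elif eid == 11:
            m = NOTE_RE.search(ev["TargetFilename"])
            if m:
                note_ext = m.group(1).lower()
                hits.setdefault("Ransom note dropped", []).append(ev)
        elif eid == 13 and WALLPAPER_RE.search(ev["TargetObject"]):
            hits.setdefault("Sets desktop wallpaper using registry", []).append(ev)
    # Second pass: once the note reveals the extension, files created with that
    # extension are the encrypted victims, which is what you scope the response on.
    if note_ext:
        enc = [ev for ev in events if ev["EventID"] == 11
               and ev["TargetFilename"].lower().endswith("." + note_ext)]
        if enc:
            hits["Files written with ransom-note extension"] = enc
    return hits


if __name__ == "__main__":
    for name, evs in match_signatures(EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
        for ev in evs:
            print("   ", ev.get("Image"), ev.get("TargetFilename") or ev.get("TargetObject")
                  or ev.get("DestinationIp"))
```

The second pass is the part worth keeping in a real rule: the note filename tells you the random extension REvil appended on that host, and that extension, not the note, is what lets you count affected files and decide whether restores are needed.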