General
Target: 5436705d1e25ce0a762a32c200158950.bat
Size: 218B
Sample: 201003-ae2x5k2r9j
MD5: a9f336d51108c56fda11701557ded1ec
SHA1: 57aa584c781307cf32c1ff13800d0e2acdc3eb3e
SHA256: b5877c4cc1d72694fa3faafa1879979975365e52e7232eb6a3a9fe8aef4aea3c
SHA512: 4c54738d6e6c73cba4f1376276314ee6a8ad69a33ca1eb5b011f2a46d78def7e44b01d9349495f366433ea8582fb0bdae124f554be08fa6fc314437703893274
Static task: static1
Behavioral task: behavioral1 (sample 5436705d1e25ce0a762a32c200158950.bat, resource win7v200722)
Behavioral task: behavioral2 (sample 5436705d1e25ce0a762a32c200158950.bat, resource win10)
Malware Config
Extracted: http://185.103.242.78/pastes/5436705d1e25ce0a762a32c200158950
Extracted: C:\kbokpg-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CB7C9BD72FBA8814
http://decryptor.cc/CB7C9BD72FBA8814
Targets
Target: 5436705d1e25ce0a762a32c200158950.bat
Size: 218B
MD5: a9f336d51108c56fda11701557ded1ec
SHA1: 57aa584c781307cf32c1ff13800d0e2acdc3eb3e
SHA256: b5877c4cc1d72694fa3faafa1879979975365e52e7232eb6a3a9fe8aef4aea3c
SHA512: 4c54738d6e6c73cba4f1376276314ee6a8ad69a33ca1eb5b011f2a46d78def7e44b01d9349495f366433ea8582fb0bdae124f554be08fa6fc314437703893274
Score: 10/10
- Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry
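The signatures above name behaviours without showing how they are scored from telemetry. The following Python is an added example, not part of the sandbox report and not code from the sample, showing how three of them (extension changes on user files, reading the root of drives other than C:, and a wallpaper change through the registry) can be derived from per-process rename, directory-read and registry-set events. Every event, process name and PID is constructed; the `.kbokpg` extension is an assumption inferred from the ransom-note filename, not something the report states.

```python
"""Score per-process telemetry against three of the sandbox signatures above.

Added example, not part of the report. All events below are constructed:
process names, PIDs and the .kbokpg extension are assumptions, not report data.
"""
from collections import defaultdict
from dataclasses import dataclass

SIG_EXT = "Modifies extensions of user files"
SIG_DRIVES = "Enumerates connected drives"
SIG_WALLPAPER = "Sets desktop wallpaper using registry"

USER_ROOT = "c:\\users\\"
WALLPAPER_VALUE = "hkcu\\control panel\\desktop\\wallpaper"


@dataclass(frozen=True)
class Event:
    pid: int
    image: str
    kind: str    # "rename" | "read_root" | "regset"
    detail: str  # rename: "old|new" paths; read_root: drive root; regset: value path


def ext(path: str) -> str:
    """Lower-cased extension of the final path component ('' if none)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rpartition(".")[2].lower() if "." in name else ""


def analyze(events, rename_threshold: int = 10) -> dict:
    """Return {pid: set(signature names)} for processes that trip a signature.

    rename_threshold is the number of extension-changing renames inside a user
    profile before a process is flagged; a single rename is ordinary user activity.
    """
    ext_renames = defaultdict(int)
    roots_read = defaultdict(set)
    hits = defaultdict(set)
    for ev in events:
        if ev.kind == "rename":
            old, new = ev.detail.split("|", 1)
            if old.lower().startswith(USER_ROOT) and ext(old) != ext(new):
                ext_renames[ev.pid] += 1
        elif ev.kind == "read_root":
            roots_read[ev.pid].add(ev.detail.upper())
        elif ev.kind == "regset" and ev.detail.lower() == WALLPAPER_VALUE:
            hits[ev.pid].add(SIG_WALLPAPER)
    for pid, count in ext_renames.items():
        if count >= rename_threshold:
            hits[pid].add(SIG_EXT)
    for pid, roots in roots_read.items():
        if roots - {"C:\\"}:  # any root other than the default C: drive
            hits[pid].add(SIG_DRIVES)
    return dict(hits)


# Constructed telemetry (not from the report): one noisy process, two benign ones.
SAMPLE_EVENTS = [
    Event(4242, "sample.exe", "rename",
          f"C:\\Users\\victim\\Documents\\file{i}.docx|"
          f"C:\\Users\\victim\\Documents\\file{i}.docx.kbokpg")
    for i in range(12)
] + [
    Event(4242, "sample.exe", "read_root", "C:\\"),
    Event(4242, "sample.exe", "read_root", "D:\\"),
    Event(4242, "sample.exe", "read_root", "E:\\"),
    Event(4242, "sample.exe", "regset", "HKCU\\Control Panel\\Desktop\\Wallpaper"),
    Event(1000, "explorer.exe", "rename",
          "C:\\Users\\victim\\Documents\\draft.txt|C:\\Users\\victim\\Documents\\draft.bak"),
    Event(1000, "explorer.exe", "read_root", "C:\\"),
    Event(2000, "svchost.exe", "regset", "HKCU\\Control Panel\\Desktop\\WallpaperStyle"),
]

if __name__ == "__main__":
    for pid, sigs in sorted(analyze(SAMPLE_EVENTS).items()):
        print(pid, sorted(sigs))
```

The rename threshold is the knob that separates a user renaming one file from a process rewriting a whole profile; tune it to the host's normal rename rate, and treat the drive-root check as weak evidence on its own, since backup and indexing software also walks secondary drives.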