General
Target: 7cbc48d6ae9ecd184f501f7b6335c610.bat
Size: 216B
Sample: 201007-eaqpnv5zla
MD5: f413de542b9c7ffad61e390a12df9530
SHA1: f533e65ef43aa735f705c4e90453ab73191030a9
SHA256: 6404114463be10557553648d2adbd3fad665f24bdf9596ae4eac9b1c085728cd
SHA512: ec5cc6220178daa514948eb3490643101495f69dcc9b73d0c8692a14107420e0f97fd34a7045d5479f905022e72ee835b62a375a33fde085e7f7732d3711e1a2
Static task: static1
Behavioral task: behavioral1
  Sample: 7cbc48d6ae9ecd184f501f7b6335c610.bat
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 7cbc48d6ae9ecd184f501f7b6335c610.bat
  Resource: win10v200722
Malware Config
Extracted from: http://185.103.242.78/pastes/7cbc48d6ae9ecd184f501f7b6335c610
Extracted from: C:\18i3262-readme.txt
Family: sodinokibi
URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/85E986F3615ED08D
  http://decryptor.cc/85E986F3615ED08D
Targets
Target: 7cbc48d6ae9ecd184f501f7b6335c610.bat
Size: 216B
MD5: f413de542b9c7ffad61e390a12df9530
SHA1: f533e65ef43aa735f705c4e90453ab73191030a9
SHA256: 6404114463be10557553648d2adbd3fad665f24bdf9596ae4eac9b1c085728cd
SHA512: ec5cc6220178daa514948eb3490643101495f69dcc9b73d0c8692a14107420e0f97fd34a7045d5479f905022e72ee835b62a375a33fde085e7f7732d3711e1a2
Score: 10/10

Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Modifies service
Sets desktop wallpaper using registry