General
  Target: af1dcc03472a3760e7f068ff48725448.bat
  Size: 214B
  Sample: 201103-539hn434zj
  MD5: 5cef3f9a231d5cf5d5fbd670d721dccd
  SHA1: baf5a46fcbe4fae2a70e5d22449ff4ed03a93e33
  SHA256: f14eb9a5eaf915aa1fb082741ab3c1d275e0dfed65d67b6dabc2cc7b0d01923f
  SHA512: d51a3c23cd1e5a3b079f76697fd46e4ba37fe3890d8ae29c5106d364d86e2f662fee98483c1c6febaf5087a8c3f4b5b11aff9ff633fd263b939ab416442fda02
Static task: static1
Behavioral task: behavioral1
  Sample: af1dcc03472a3760e7f068ff48725448.bat
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: af1dcc03472a3760e7f068ff48725448.bat
  Resource: win10v20201028
Malware Config
  Extracted: http://185.103.242.78/pastes/af1dcc03472a3760e7f068ff48725448
  Extracted: C:\be6o1iixm-readme.txt
    sodinokibi
    http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/7FA59E30A8F9FC69
    http://decryptor.cc/7FA59E30A8F9FC69
Targets
  Target: af1dcc03472a3760e7f068ff48725448.bat
  Size: 214B
  Score: 10/10
  Sodin, Sodinokibi, REvil
    Ransomware with advanced anti-analysis and privilege escalation functionality.
  - Blacklisted process makes network request
  - Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Modifies service
  - Sets desktop wallpaper using registry