General
- Target: yKWgfxGs.bat
- Size: 194B
- Sample: 200402-m524wvf3j6
- MD5: b1ff6dcf9f315d022a6401c4de7097d7
- SHA1: 88343be4d54d374a1be5ccd095c0d913bda11a76
- SHA256: c60b9a2978335eff184b3fdb2c955136899de8c118b53f87a128687be7f1a17d
- SHA512: e44453250ed4f5fdb935a921e88c69b6a023814f9058a787c5d97a27b0f779ff09a8680073c253bab6b1b773a357c5a6b61c10bbcd05c709d26c0d0cbe6dc6fb
Static task: static1
Behavioral task: behavioral1 (Sample: yKWgfxGs.bat, Resource: win7v200217)
Behavioral task: behavioral2 (Sample: yKWgfxGs.bat, Resource: win10v200217)
Malware Config
- Extracted: http://185.103.242.78/pastes/yKWgfxGs
- Extracted: C:\amid6299d9-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8291F9CFA58D4290
  http://decryptor.cc/8291F9CFA58D4290
Targets
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry