General
- Target: 74bc2f9a81ad2cc609b7730dbabb146506f58244e5e655cbb42044913384a6ac.exe
- Size: 667KB
- Sample: 191209-5gbby7dm12
- MD5: 48a673157da3940244ce0dfb3ecb58e9
- SHA1: f69f954699eaabec17a0157ed3503e7ee2ae8474
- SHA256: 74bc2f9a81ad2cc609b7730dbabb146506f58244e5e655cbb42044913384a6ac
- SHA512: e0d7714f4dfd2b99a6b3cc787839fcb5b898615cf5de6384d71f64758f21fcb46dbece321973a3f93412b870c4b23295aa240067aec3c87405c7887c5e9cedb5
Task: task1
- Sample: 74bc2f9a81ad2cc609b7730dbabb146506f58244e5e655cbb42044913384a6ac.exe
- Resource: win7v191014

Task: task2
- Sample: 74bc2f9a81ad2cc609b7730dbabb146506f58244e5e655cbb42044913384a6ac.exe
- Resource: win10v191014
Malware Config

Extracted: C:\Recovery\r79rrm-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BF11B64AF0992ACD
- http://decryptor.top/BF11B64AF0992ACD

Extracted: C:\odt\ufb125ez-readme.txt
- sodinokibi
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/63D19F775FDBEFBB
- http://decryptor.top/63D19F775FDBEFBB
Targets
- Target: 74bc2f9a81ad2cc609b7730dbabb146506f58244e5e655cbb42044913384a6ac.exe
- Size: 667KB
- MD5: 48a673157da3940244ce0dfb3ecb58e9
- SHA1: f69f954699eaabec17a0157ed3503e7ee2ae8474
- SHA256: 74bc2f9a81ad2cc609b7730dbabb146506f58244e5e655cbb42044913384a6ac
- SHA512: e0d7714f4dfd2b99a6b3cc787839fcb5b898615cf5de6384d71f64758f21fcb46dbece321973a3f93412b870c4b23295aa240067aec3c87405c7887c5e9cedb5
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Deletes shadow copies
- Discovering connected drives
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Sets desktop wallpaper using registry