General

Target: e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec
Size: 535KB
Sample: 191209-v5j5ecnwrj
MD5: e713658b666ff04c9863ebecb458f174
SHA1: 8b1d4ae7cbc6c0fa0705122b9556745670863214
SHA256: e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec
SHA512: 0fda0036f8dcd54755ad292e68ba16e2cebd06f208474b38afee94c6b2c0ea1b706cca1303e08c50cbb3b56526502a7bf5764cf17c647844bd9736e06f451d99
Tasks

Task: task1
Sample: e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec.exe
Resource: win7v191014

Task: task2
Sample: e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec.exe
Resource: win10v191014
Malware Config

Extracted from: C:\45o9tx-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BACF4EB76154C740
http://decryptor.top/BACF4EB76154C740

Extracted from: C:\36rwx-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6BBB3F5B07FB9A97
http://decryptor.top/6BBB3F5B07FB9A97

Note: the 16-character hex path segment differs between the two extractions (BACF4EB76154C740 and 6BBB3F5B07FB9A97), as does the ransom note filename (45o9tx-readme.txt and 36rwx-readme.txt), so both are generated per run and should not be used as fixed indicators. The .onion host and the decryptor.top domain are the same in both extractions and are the stable network indicators from this report.
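To turn the two extractions above into hunt-ready indicators, the following Python is an added example (not part of the sandbox report and not a vendor tool). It parses ransom-note text for the decryptor URLs, separates the stable hosts from the per-run victim key, and flags note filenames. The note bodies below are constructed from the URLs the report lists and stand in for the real notes; the filename pattern is an assumption generalised from the two observed names.

```python
"""Extract stable indicators from Sodinokibi/REvil ransom notes.

Added example. The note text is constructed from the URLs in the report;
real notes carry additional instructions that this parser ignores.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed inputs mirroring the two "Extracted" entries in the report.
EXTRACTED = [
    (r"C:\45o9tx-readme.txt",
     "[constructed note text]\n"
     "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/BACF4EB76154C740\n"
     "http://decryptor.top/BACF4EB76154C740\n"),
    (r"C:\36rwx-readme.txt",
     "[constructed note text]\n"
     "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6BBB3F5B07FB9A97\n"
     "http://decryptor.top/6BBB3F5B07FB9A97\n"),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# The victim key observed in both extractions is 16 uppercase hex characters.
KEY_RE = re.compile(r"[0-9A-F]{16}")
# Assumption: a short lowercase alphanumeric token followed by '-readme.txt',
# generalised from the two names the report shows (45o9tx, 36rwx).
NOTE_NAME_RE = re.compile(r"^[a-z0-9]{4,10}-readme\.txt$")


@dataclass(frozen=True)
class NoteIndicators:
    note_path: str
    hosts: frozenset      # stable across runs
    victim_key: str       # per-infection, not a fixed indicator


def parse_note(path: str, text: str) -> NoteIndicators:
    """Pull hosts and the single victim key out of one ransom note."""
    hosts, keys = set(), set()
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        if parts.hostname:
            hosts.add(parts.hostname)
        segment = parts.path.strip("/")
        if KEY_RE.fullmatch(segment):
            keys.add(segment)
    if len(keys) != 1:
        # Both URLs in a note carry the same key; anything else is a parse error.
        raise ValueError(f"{path}: expected exactly one victim key, got {sorted(keys)}")
    return NoteIndicators(path, frozenset(hosts), keys.pop())


def is_note_name(path: str) -> bool:
    """True if the basename looks like a Sodinokibi ransom note (assumed pattern)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return NOTE_NAME_RE.match(name) is not None


def stable_indicators(notes):
    """Hosts present in every note, plus the set of per-run keys for reference."""
    hosts = frozenset.intersection(*(n.hosts for n in notes))
    keys = {n.victim_key for n in notes}
    return hosts, keys


def main():
    notes = [parse_note(p, t) for p, t in EXTRACTED]
    hosts, keys = stable_indicators(notes)
    print("Stable hosts:", ", ".join(sorted(hosts)))
    print("Per-run victim keys (do not block on these):", ", ".join(sorted(keys)))
    for p, _ in EXTRACTED:
        print(f"{p}: note-name match = {is_note_name(p)}")


if __name__ == "__main__":
    main()
```

Feed real note bodies into `parse_note` and the hosts that survive `stable_indicators` are the ones worth blocking; the key set shows why the URL path must be stripped before use as an indicator.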
Targets

Target: e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec (535KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality

Signatures:
Deletes shadow copies
Discovers connected drives
Checks system information in the registry (system information is often read to detect sandbox environments)
Sets desktop wallpaper using registry