General
Target: 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851.exe
Size: 252KB
Sample: 191216-4zdx1n374x
MD5: 1ce1ca85bff4517a1ef7e8f9a7c22b16
SHA1: f35f0cd23692e5f5d0a3be7aefc8b01dfdd4e614
SHA256: 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851
SHA512: 6e67fa01a8792453b148074fe027def90e1d3f6042037216986ee9e3d0c436c177764bc5e5900dbbab91e10d8a3c86a2ea04ef547149bfc92a33ec0236759949
Tasks
task1: sample 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851.exe, resource win7v191014
task2: sample 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851.exe, resource win10v191014
Malware Config
Extracted from C:\05vb6je9-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/566484711914F5F1
- http://decryptor.top/566484711914F5F1
Extracted from C:\39y4ps-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/081AC0D763E84FAE
- http://decryptor.top/081AC0D763E84FAE
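The two extracted configs above come from the same binary run on two different VMs (task1 on win7v191014, task2 on win10v191014), and they differ in the ransom-note file name and in the 16-hex-character path that closes both the .onion and the decryptor.top URL, while the hosts are identical. The script below is an added example, not output of the sandbox or code from the malware, that parses the "Extracted" blocks exactly as the report prints them, confirms that both URLs of one note carry the same trailing identifier, and separates the indicators that were constant across both runs (the hosts) from those that changed (note name, URL path). The note-name regex is an assumption generalised from the two names on this page; the input text is the report's own two config blocks, embedded here as a constant.

```python
"""Normalise the sandbox-extracted Sodinokibi configs from this report into
IOCs and separate stable indicators from per-run ones.
Added example; not part of the sandbox report or the sample."""
import re
from urllib.parse import urlparse

# Constructed input: the two "Extracted" blocks as the report lists them.
EXTRACTED = """\
Extracted
C:\\05vb6je9-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/566484711914F5F1
http://decryptor.top/566484711914F5F1
Extracted
C:\\39y4ps-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/081AC0D763E84FAE
http://decryptor.top/081AC0D763E84FAE
"""

# Both note names on this page are <lowercase alnum>-readme.txt; the length
# bounds are an assumption, not something the report states.
NOTE_NAME_RE = re.compile(r"^[a-z0-9]{4,12}-readme\.txt$")
URL_RE = re.compile(r"^https?://", re.I)


def parse_extracted(text):
    """Split the flat report text into one dict per 'Extracted' block
    (note path, family, then any number of URLs)."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Extracted":
            cur = {"note_path": None, "family": None, "urls": []}
            entries.append(cur)
        elif cur is None:
            continue  # text before the first block
        elif cur["note_path"] is None:
            cur["note_path"] = line
        elif cur["family"] is None:
            cur["family"] = line
        elif URL_RE.match(line):
            cur["urls"].append(line)
    return entries


def victim_ids(entry):
    """Last path component of each URL; the report shows the same value on
    the .onion and the clearnet URL of one note."""
    return {urlparse(u).path.rstrip("/").rsplit("/", 1)[-1] for u in entry["urls"]}


def note_name(entry):
    """File name of the ransom note without the drive/directory part."""
    return entry["note_path"].rsplit("\\", 1)[-1]


def split_iocs(entries):
    """Hosts seen in every run are stable IOCs; the per-run URL path IDs and
    note names are reported separately so they are not blocklisted as-is."""
    host_sets = [{urlparse(u).hostname for u in e["urls"]} for e in entries]
    stable = set.intersection(*host_sets) if host_sets else set()
    volatile = {
        "victim_ids": sorted(set().union(*(victim_ids(e) for e in entries))),
        "note_names": sorted(note_name(e) for e in entries),
    }
    return {"stable_hosts": sorted(stable), "volatile": volatile}


if __name__ == "__main__":
    ents = parse_extracted(EXTRACTED)
    for e in ents:
        assert len(victim_ids(e)) == 1, e      # both URLs of a note share one ID
        assert NOTE_NAME_RE.match(note_name(e)), e
    print(split_iocs(ents))
```

Run stand-alone it prints the two hosts as stable indicators and the two note names and two path identifiers as volatile ones; the practical point is that a hunt query should key on the .onion host and decryptor.top (or on the note-name pattern), not on a URL copied verbatim from one run.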
Targets
Target: 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851.exe
Size: 252KB
SHA256: 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851 (MD5, SHA1 and SHA512 as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Description: Ransomware with advanced anti-analysis and privilege escalation functionality
Signatures:
- Deletes shadow copies
- Discovering connected drives
- Checks system information in the registry (system information is often read in order to detect sandbox environments)
- Sets desktop wallpaper using registry
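The signature list names behaviours but not the telemetry that triggered them. The script below is an added example, not the sandbox's rule set and not code from the sample, that maps constructed Windows telemetry (a process-creation log and a registry trace) onto three of the four signatures above. Which command lines and registry keys each signature covers is an assumption stated in the code: vssadmin/wmic shadow-copy deletion for "Deletes shadow copies", a write to the Wallpaper value under Control Panel\Desktop for "Sets desktop wallpaper using registry", and reads of HKLM\...\Control\SystemInformation for "Checks system information in the registry". "Discovering connected drives" is an API-level behaviour that does not show in these two log types and is left out.

```python
"""Map constructed Windows telemetry onto the behavioural signatures in this
report. Added example; the rules are assumptions about what each sandbox
signature matches, not the sandbox's own rules."""
import re

# Shadow-copy deletion command lines commonly used by ransomware. Assumption:
# the report names the behaviour but does not print the command it observed.
SHADOW_DELETE_RES = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Get-WmiObject\s+Win32_ShadowCopy.*\.Delete\(", re.I),
]
# Wallpaper lives in the Wallpaper value of HKCU\Control Panel\Desktop.
WALLPAPER_KEY_RE = re.compile(r"\\Control Panel\\Desktop$", re.I)
# SystemManufacturer / SystemProductName under this key reveal the VM vendor;
# assumption about what "Checks system information in the registry" covers.
SYSINFO_KEY_RE = re.compile(r"\\Control\\SystemInformation$", re.I)


def rule_deletes_shadow_copies(ev):
    return ev["type"] == "process" and any(
        r.search(ev["cmdline"]) for r in SHADOW_DELETE_RES)


def rule_sets_wallpaper(ev):
    # A read of the same value (e.g. by a viewer) must not fire; only writes do.
    return (ev["type"] == "registry" and ev["op"] == "set"
            and WALLPAPER_KEY_RE.search(ev["key"]) is not None
            and ev["value"].lower() == "wallpaper")


def rule_checks_system_information(ev):
    return (ev["type"] == "registry" and ev["op"] == "query"
            and SYSINFO_KEY_RE.search(ev["key"]) is not None)


RULES = {
    "Deletes shadow copies": rule_deletes_shadow_copies,
    "Sets desktop wallpaper using registry": rule_sets_wallpaper,
    "Checks system information in the registry": rule_checks_system_information,
}


def triage(events):
    """Return {signature name: [indexes of matching events]} for rules that fired."""
    hits = {}
    for i, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed telemetry modelled on a process-creation log and a registry trace.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1204, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"},
    {"type": "registry", "op": "query", "pid": 1188,
     "key": r"HKLM\SYSTEM\ControlSet001\Control\SystemInformation",
     "value": "SystemManufacturer"},
    {"type": "registry", "op": "set", "pid": 1188,
     "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper"},
    {"type": "process", "pid": 1320, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\user\Desktop\05vb6je9-readme.txt"},
    {"type": "registry", "op": "query", "pid": 1320,          # read, not set
     "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper"},
]

if __name__ == "__main__":
    for sig, idx in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idx}")
```

Events 3 and 4 (the note being opened and the wallpaper value being read) match nothing, which is the behaviour to check when turning such rules into alerts: `vssadmin list shadows` and registry reads of the wallpaper are routine and should stay silent.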