General
-
Target
0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d
-
Size
290KB
-
Sample
200122-dcjzw4d3w6
-
MD5
fb68a02333431394a9a0cdbff3717b24
-
SHA1
1399bf98a509adb07663476dee7f9fee571e09f3
-
SHA256
0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d
-
SHA512
e03b076d36374b263dbc63fc93e793210dc5fd809f783cda6524390590ec56b4fb5c0aa80a52650de60c31f2f6d451fee17c72256100ac7f2c15347c05ab6470
Task
task1
Sample
0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d.exe
Resource
win7v191014
Task
task2
Sample
0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d.exe
Resource
win10v191014
Malware Config
Extracted
C:\Recovery\q5f10-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D10ECAC096968E16
http://decryptor.top/D10ECAC096968E16
Extracted
C:\odt\5c4y31391w-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B03990EDA5488E8D
http://decryptor.top/B03990EDA5488E8D
Targets
-
-
Target
0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d
-
Size
290KB
-
MD5
fb68a02333431394a9a0cdbff3717b24
-
SHA1
1399bf98a509adb07663476dee7f9fee571e09f3
-
SHA256
0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d
-
SHA512
e03b076d36374b263dbc63fc93e793210dc5fd809f783cda6524390590ec56b4fb5c0aa80a52650de60c31f2f6d451fee17c72256100ac7f2c15347c05ab6470
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
-
Deletes shadow copies
-
Discovering connected drives
-
Modifies service
-
Sets desktop wallpaper using registry
-