sodinokibi | 5743310e1c2bd52d3abf50fa874a206e42a4aac4e182447e99f3cf32be4334ed | Triage

Sharing

General

Target

4jD1biG2.bat
Size

191B
Sample

200210-ea6tglj89e
MD5

6097db04a430a1a65515bae911e13c6e
SHA1

41f39ba8f63c6ff8067348f596155beb32c45f17
SHA256

5743310e1c2bd52d3abf50fa874a206e42a4aac4e182447e99f3cf32be4334ed
SHA512

22fd4f652757e39fca2fa7b8a5d51cf951b76b200764b0ad45aa01cd38f9cbfb63df5542f08606fc198857cdecf1e4fd14d1cd005805203469b9dbb9a52ed777

Score

10^/10

sodinokibi persistence ransomware

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://185.103.242.78/pastes/4jD1biG2

Targets

- Target
  
  4jD1biG2.bat
- Size
  
  191B
- MD5
  
  6097db04a430a1a65515bae911e13c6e
- SHA1
  
  41f39ba8f63c6ff8067348f596155beb32c45f17
- SHA256
  
  5743310e1c2bd52d3abf50fa874a206e42a4aac4e182447e99f3cf32be4334ed
- SHA512
  
  22fd4f652757e39fca2fa7b8a5d51cf951b76b200764b0ad45aa01cd38f9cbfb63df5542f08606fc198857cdecf1e4fd14d1cd005805203469b9dbb9a52ed777
Score

10^/10

ransomware sodinokibi persistence
- Sodin,Sodinokibi,REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality
  ransomware sodinokibi
- Blacklisted process makes network request
- Program crash
- Discovering connected drives
  ransomware
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

ransomwaresodinokibipersistence

behavioral2