General
Target: 3685CE874B1ABEF3448D4C50EA0371E31A78AFBAE09287D3FF5D25953091659C.zip
Size: 143KB
Sample: 200413-px8a5n5l62
MD5: e08550f729925013b293055e941b18d6
SHA1: 0caf1d4d7daadaada62d87ffa7b1f19d0e78c3a8
SHA256: 0fb40140e7309e8676608dbd1e5eb8b3e74991e8ebd6cc7d7a208d1a57d7cdbb
SHA512: 4361aa7fcd74859d689a793536707111f9df6cb46afb74669ac94fc8edbee259c7923f03bd879ef2eae195c73daa9e0fb0c880745e7af043b1cee6e21b4dbb50
Static task: static1
Behavioral task: behavioral1
Sample: 3685CE874B1ABEF3448D4C50EA0371E31A78AFBAE09287D3FF5D25953091659C.exe
Resource: win7v200410
Behavioral task: behavioral2
Sample: 3685CE874B1ABEF3448D4C50EA0371E31A78AFBAE09287D3FF5D25953091659C.exe
Resource: win10v200410
Malware Config
Extracted: C:\15u463-readme.txt (sodinokibi)
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/36B564197A3EF9EC
http://decryptor.cc/36B564197A3EF9EC
Extracted: C:\m0zb0d04-readme.txt (sodinokibi)
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F312829D7857AA74
http://decryptor.cc/F312829D7857AA74
Targets
Target: 3685CE874B1ABEF3448D4C50EA0371E31A78AFBAE09287D3FF5D25953091659C
Size: 231KB
MD5: 2fbaf37aad337e407fe8ea80cc3ab763
SHA1: 098234f0f7a009728f38e91153abc34d87c18795
SHA256: 3685ce874b1abef3448d4c50ea0371e31a78afbae09287d3ff5d25953091659c
SHA512: a1f84ac10370f7a0ce8202a5c9f511faec84f405e4ba1dacd6e7bf851a49a1228b8f70f680c3106982834d326aab3a4f13a86406be65ecc753da486be003450d
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Discovering connected drives
- Modifies service
- Sets desktop wallpaper using registry