General
Target: 774354fe16764fa513052ff714048858cb315691599a08d13ba56be1c796a16d
Size: 975KB
Sample: 200507-l6y116st8a
MD5: cce629db2606ae98ba6e931adbf1aeae
SHA1: 2649ce761c00f4505758e20580e8bdf3e8d559d1
SHA256: 774354fe16764fa513052ff714048858cb315691599a08d13ba56be1c796a16d
SHA512: 7f64fab63ce7117d131d28f9657cbd4b096e7b8ac959cacf4f876709678c26f37bdf8b4575d8c8aa8e4920c203cd938bd9d39b8425212301d57c4ed5ab906c96
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: 774354fe16764fa513052ff714048858cb315691599a08d13ba56be1c796a16d.exe, resource: win7v200430)
Behavioral task: behavioral2 (sample: 774354fe16764fa513052ff714048858cb315691599a08d13ba56be1c796a16d.exe, resource: win10v200430)
Malware Config
Extracted from: C:\4d7h7y-readme.txt
Config family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/78174560FC96B22E
- http://decryptor.cc/78174560FC96B22E
Targets
Target: 774354fe16764fa513052ff714048858cb315691599a08d13ba56be1c796a16d
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry