General
Target: 3cE8g42z98.exe
Size: 213KB
Sample: 200727-x1h682z3le
MD5: 25a50b573de8f82bf8d5b29386fb94d7
SHA1: f9914b360284b987ab21f56aea9f6153fac23b84
SHA256: 8dbef5f7ffa96759bd395938ed385c8cfe991f96402f900f0a571c844c7fb78d
SHA512: 33e537f237542dad4c99ffd31f0930de7e932f03a3b6fac8057760a6ec72da2977c211ace603c57c98e2515a14731e8696e9ed06ffd8e71212918f5768e35c99
Static task: static1
Behavioral task: behavioral1 (Sample: 3cE8g42z98.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: 3cE8g42z98.exe, Resource: win10v200722)
Malware Config
Extracted from C:\7r57vg2ol-readme.txt (family: sodinokibi)
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F3E42D37D77A1BEC
- http://decryptor.cc/F3E42D37D77A1BEC
Extracted from C:\yt8y01b0y6-readme.txt (family: sodinokibi)
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/DE4A73E969A070B8
- http://decryptor.cc/DE4A73E969A070B8
Targets
Target: 3cE8g42z98.exe
Score: 10/10
Signatures:
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry