General
Target: lg.bin
Size: 290KB
Sample: 200730-kxkw4trasn
MD5: 5f58902825d15d59528f98faf43b86c3
SHA1: f09e5e72b433d11a32efe2e5d63db0bc7b8def59
SHA256: 140f831ddd180861481c9531aa6859c56503e77d29d00439c1e71c5b93e01e1a
SHA512: 5aae01c51f026e7382bf20117e81cc06a975f561370e7f9170b02bc83e329cc1737d82cf721f3901cf4c2c9180423bdaf6a375a109d05e9ca164c7c08970a3c6
Static task: static1
Behavioral task: behavioral1 (Sample: lg.bin.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: lg.bin.exe, Resource: win10)
Malware Config
Extracted from C:\m6x73942b6-readme.txt (family: sodinokibi)
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0BDB1394373EB709
- http://decryptor.cc/0BDB1394373EB709
Extracted from C:\88fw8-readme.txt (family: sodinokibi)
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9CAEB518F653B061
- http://decryptor.cc/9CAEB518F653B061
Targets
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry