General
Target: 34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9.exe
Size: 115KB
Sample: 200810-eewcacl7je
MD5: d3808c0b73390ac85758fa35fa7f7f3a
SHA1: c8bc0c32a7155e547773d1df419915e5bfffcf2f
SHA256: 34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9
SHA512: 10daf9b0030a8ef49e9a2f69ae0f7b489e1e1a35ac374f20f26859669924c9b0d079da94f6152e0d517b3e63aa1d215197f571196331e6a2b1df19b888cc7fb2
Static task: static1
Behavioral task: behavioral1
  Sample: 34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9.exe
  Resource: win10v200722
Malware Config
Extracted: C:\85w4x93-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E2069B0076271D91
  http://decryptor.cc/E2069B0076271D91
Extracted: C:\6ew8a99-readme.txt
  sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/183B54E3404D5CCD
  http://decryptor.cc/183B54E3404D5CCD
Targets
Target: 34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9.exe
Size: 115KB
MD5: d3808c0b73390ac85758fa35fa7f7f3a
SHA1: c8bc0c32a7155e547773d1df419915e5bfffcf2f
SHA256: 34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9
SHA512: 10daf9b0030a8ef49e9a2f69ae0f7b489e1e1a35ac374f20f26859669924c9b0d079da94f6152e0d517b3e63aa1d215197f571196331e6a2b1df19b888cc7fb2
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry