General
Target: 4002b38c82cb339d1ccb434b5665389dfc33e0efb436bcc86928010797c89695.bin.exe
Size: 115KB
Sample: 200820-8347m8peq2
MD5: be926a24f4118fc23f09ce4ecd9ebff0
SHA1: 4d6b8d954af01ff556aecb055f1965063ec3471e
SHA256: 4002b38c82cb339d1ccb434b5665389dfc33e0efb436bcc86928010797c89695
SHA512: 278b8c39930f5cd98660b2f770452f227947800baaa07a8f583d26d67bd420e3a09f44f9c625068e18988d50318c0d5ed97dc0600b5e60ad803a222dab969ca7
Static task: static1
Behavioral task: behavioral1
  Sample: 4002b38c82cb339d1ccb434b5665389dfc33e0efb436bcc86928010797c89695.bin.exe.dll
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 4002b38c82cb339d1ccb434b5665389dfc33e0efb436bcc86928010797c89695.bin.exe.dll
  Resource: win10
Malware Config
Extracted from: C:\h0qy8hq-readme.txt
  Family: sodinokibi
  URLs:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/51BF6F9E4FD08A9A
  - http://decryptor.cc/51BF6F9E4FD08A9A
Extracted from: C:\n48e3981gh-readme.txt
  Family: sodinokibi
  URLs:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C9DA0EA57E115466
  - http://decryptor.cc/C9DA0EA57E115466
Targets
Target: 4002b38c82cb339d1ccb434b5665389dfc33e0efb436bcc86928010797c89695.bin.exe
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry