General
-
Target
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71.bin.exe
-
Size
116KB
-
Sample
200820-aqx31bqt1n
-
MD5
6f478788c9bf905bad3371598255fe71
-
SHA1
137db4ccf35660ab2b7e44b29755b363a93736d6
-
SHA256
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71
-
SHA512
29633d24fbe3bc50d08827bb2d9ec0b48cf4895ce9387412f04458ac283540c0bbd710e71d61a3385fa3590f31fab41f316e88b8e4994811fbf1e6930e805085
Static task
static1
Behavioral task
behavioral1
Sample
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71.bin.exe
Resource
win7
Behavioral task
behavioral2
Sample
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71.bin.exe
Resource
win10v200722
Malware Config
Extracted
C:\873s80v3-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8450E640EEDF2E83
http://decryptor.cc/8450E640EEDF2E83
Extracted
C:\z2z8459ig-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2122EC22BD4D0BB7
http://decryptor.cc/2122EC22BD4D0BB7
Targets
-
-
Target
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71.bin.exe
-
Size
116KB
-
MD5
6f478788c9bf905bad3371598255fe71
-
SHA1
137db4ccf35660ab2b7e44b29755b363a93736d6
-
SHA256
8d1e4bb75799fd3639d12f2418ae31631e483f8dd9758e1e8ba785c4e7a18a71
-
SHA512
29633d24fbe3bc50d08827bb2d9ec0b48cf4895ce9387412f04458ac283540c0bbd710e71d61a3385fa3590f31fab41f316e88b8e4994811fbf1e6930e805085
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Enumerates connected drives
-
Drops file in System32 directory
-
Modifies service
-
Sets desktop wallpaper using registry
-