General
Target: 591d971b9411860904bc7fb9234d9069e3e8cacd06523b0bf93547bc2c4a827a.bin.exe
Size: 115KB
Sample: 200820-qnnlefs8ka
MD5: 35766bd0b389c682306437d45ba5c4e6
SHA1: b837df01d31c1bfff0e54f07076323d075a4bf27
SHA256: 591d971b9411860904bc7fb9234d9069e3e8cacd06523b0bf93547bc2c4a827a
SHA512: e20472ae28857e4dd7b021e23366623cf6b3f9a4818b09c36997b1428220d244da760ff61aaa11de690278152fb551e2a002f7ff19e1cf60ad625845772930c6
Static task: static1
Behavioral task: behavioral1
  Sample: 591d971b9411860904bc7fb9234d9069e3e8cacd06523b0bf93547bc2c4a827a.bin.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 591d971b9411860904bc7fb9234d9069e3e8cacd06523b0bf93547bc2c4a827a.bin.exe
  Resource: win10
Malware Config
Extracted
  Path: C:\e9zkgun-readme.txt
  Family: sodinokibi
  URLs:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/1E0C9B09978739C8
  - http://decryptor.cc/1E0C9B09978739C8
Extracted
  Path: C:\1g3wd8r-readme.txt
  Family: sodinokibi
  URLs:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/887C53C24A330C29
  - http://decryptor.cc/887C53C24A330C29
Targets
Target: 591d971b9411860904bc7fb9234d9069e3e8cacd06523b0bf93547bc2c4a827a.bin.exe
Score: 10/10
Signatures:
- Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry