General
Target: f1662bfebf68d8da9879fd50b41536078c0c06ed4616dc388ee78a30ce8ccd27
Size: 116KB
Sample: 200824-aeftm59m2n
MD5: 4a23ba5e733f132b8fae5c9f0219d32a
SHA1: 3a12b89cbf552b440fe167b91462db17d294d56f
SHA256: f1662bfebf68d8da9879fd50b41536078c0c06ed4616dc388ee78a30ce8ccd27
SHA512: b08af5e1fd466e6aba204789985538de8c0eea90be058d4e8e2243bb783a96a4e63087558a4993b54ce0f6c7ddaaf887134820fd14dcebe287d0ca035081241c
Static task: static1
Behavioral task: behavioral1
  Sample: f1662bfebf68d8da9879fd50b41536078c0c06ed4616dc388ee78a30ce8ccd27.dll
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: f1662bfebf68d8da9879fd50b41536078c0c06ed4616dc388ee78a30ce8ccd27.dll
  Resource: win10v200722
Malware Config
Extracted
C:\7zyo1iyv1-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/760AD4C9552E164F
http://decryptor.cc/760AD4C9552E164F
Extracted
C:\m2n9346-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EEAC9A004D1EEC18
http://decryptor.cc/EEAC9A004D1EEC18
Targets
Target: f1662bfebf68d8da9879fd50b41536078c0c06ed4616dc388ee78a30ce8ccd27
Size: 116KB
MD5: 4a23ba5e733f132b8fae5c9f0219d32a
SHA1: 3a12b89cbf552b440fe167b91462db17d294d56f
SHA256: f1662bfebf68d8da9879fd50b41536078c0c06ed4616dc388ee78a30ce8ccd27
SHA512: b08af5e1fd466e6aba204789985538de8c0eea90be058d4e8e2243bb783a96a4e63087558a4993b54ce0f6c7ddaaf887134820fd14dcebe287d0ca035081241c
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry