General
Target: 9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f
Size: 116KB
Sample: 200902-epcdq3grja
MD5: e464e53eb7a4f84aa2fd0a540b2a3840
SHA1: bdc8d31dcd1f56a9ab2abf79bba817fb75b3859b
SHA256: 9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f
SHA512: 5ce4c7bd667c361fc1afeb752e59de9f29d7ed5c0252af3b6cb7e78e9ebd2ab237a454daea4474640e35fdc8b6d4be47a60cb8926a4801469f0570c64d2ad110

Static task: static1

Behavioral task: behavioral1
  Sample: 9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f.dll
  Resource: win7v200722

Behavioral task: behavioral2
  Sample: 9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f.dll
  Resource: win10

Malware Config
Extracted from: C:\k2fiyf-readme.txt
Family: sodinokibi
URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6DA09EC49B5AA070
  http://decryptor.cc/6DA09EC49B5AA070

Targets
Target: 9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f
Size: 116KB
MD5: e464e53eb7a4f84aa2fd0a540b2a3840
SHA1: bdc8d31dcd1f56a9ab2abf79bba817fb75b3859b
SHA256: 9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f
SHA512: 5ce4c7bd667c361fc1afeb752e59de9f29d7ed5c0252af3b6cb7e78e9ebd2ab237a454daea4474640e35fdc8b6d4be47a60cb8926a4801469f0570c64d2ad110
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Signatures:
  Blacklisted process makes network request
  Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
  Enumerates connected drives
  Modifies service
  Sets desktop wallpaper using registry