General
Target: b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988.exe
Size: 192KB
Sample: 200907-nn7b1h8vja
MD5: beed14bc183ad523b94ef6ac2b270b08
SHA1: 4ea45e0d8a4d50182063cc97c8a86d579f3adf05
SHA256: b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988
SHA512: da74c44e21e120af26074fb6493a35067f037cc633e630b415d9b6947c9dc58e354fbb33afc87f733da8cd4d1f8ca66081df0e96d249ffb1c2ba8142c9317196
Static task: static1

Behavioral task: behavioral1
  Sample: b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988.exe
  Resource: win7

Behavioral task: behavioral2
  Sample: b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988.exe
  Resource: win10v200722

Malware Config
Extracted from: C:\wl2qidi-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/786F34B10F5F5557
  http://decryptor.cc/786F34B10F5F5557

Extracted from: C:\5ie55-readme.txt
  Family: sodinokibi
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/721AD826AEAB7627
  http://decryptor.cc/721AD826AEAB7627
Targets
Target: b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988.exe
Size: 192KB
MD5: beed14bc183ad523b94ef6ac2b270b08
SHA1: 4ea45e0d8a4d50182063cc97c8a86d579f3adf05
SHA256: b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988
SHA512: da74c44e21e120af26074fb6493a35067f037cc633e630b415d9b6947c9dc58e354fbb33afc87f733da8cd4d1f8ca66081df0e96d249ffb1c2ba8142c9317196
Score: 10/10

Signatures
Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry