General
-
Target
m3kJUZkr.exe
-
Size
116KB
-
Sample
200915-392adm8ccn
-
MD5
0532e250400ded8515f6d042d388ff07
-
SHA1
e47ed9a5120f928da174a0178b1698aad8baf0b5
-
SHA256
938e0e4868f00c4cda6f6b70542e6eb0d04982b706cd4eb5a4becb7c2da1fd3f
-
SHA512
b03da56c18d7b084ce09fd3dfa1cfeb19c07ee5fc5b0bdbfb0ea935e72c6a4b5e1198aa3362e505d5e178c0df0ff2d8a479f8d96aba13d068343c72b0cc4f27e
Static task
static1
Behavioral task
behavioral1
Sample
m3kJUZkr.exe.dll
Resource
win7v200722
Behavioral task
behavioral2
Sample
m3kJUZkr.exe.dll
Resource
win10
Malware Config
Extracted
C:\9938qi3-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/880230F23FF696FB
http://decryptor.cc/880230F23FF696FB
Targets
-
-
Target
m3kJUZkr.exe
-
Size
116KB
-
MD5
0532e250400ded8515f6d042d388ff07
-
SHA1
e47ed9a5120f928da174a0178b1698aad8baf0b5
-
SHA256
938e0e4868f00c4cda6f6b70542e6eb0d04982b706cd4eb5a4becb7c2da1fd3f
-
SHA512
b03da56c18d7b084ce09fd3dfa1cfeb19c07ee5fc5b0bdbfb0ea935e72c6a4b5e1198aa3362e505d5e178c0df0ff2d8a479f8d96aba13d068343c72b0cc4f27e
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Blacklisted process makes network request
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies service
-
Sets desktop wallpaper using registry
-