General
Target: PNaBtWvH.exe
Size: 116KB
Sample: 200916-s4jv1dbrqa
MD5: 906476f7f37236ab87319d477afec56f
SHA1: 16485c511e413cc33b4fe6ef3c95b65198cdd9f3
SHA256: b8dc282b15526821326ae7158f5e4e895a874fc15499d102d59e819aa78d5800
SHA512: 8c893d42f90a4d63b6261c8644bb97807052fa1570693b3cc179566b7a14f28590d7d2e4e5062cbb731617f83c46c0333d46a45a5ad2138576b95867fbf323ce
Static task: static1
Behavioral task: behavioral1
Sample: PNaBtWvH.exe.dll
Resource: win7
Behavioral task: behavioral2
Sample: PNaBtWvH.exe.dll
Resource: win10v200722
Malware Config
Extracted: C:\0co8340t6-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/ADF5FEE9BFBA4D11
http://decryptor.cc/ADF5FEE9BFBA4D11
Targets
Target: PNaBtWvH.exe
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry