General
- Target: 735ff072077023765e445b284f072946ffad2e36fa8aba9f1b8f93fef885352c.zip
- Size: 191KB
- Sample: 200917-knsrpj4cl2
- MD5: 2c2ca8ea86a6cad878a3e0cc8795119d
- SHA1: 39abd770dd7984e01d58aea96b9da8b3aa71f39e
- SHA256: c324b74a5fb1fdf9e34780cf3f6079b23cf3b2e52b422cf760d8bee7090b3e72
- SHA512: 4758ece6dbc5afec1f454bd959d236e7d1901344bcb0e16b6459ec905f5f1ff4432b328ed8fee01253949055b1b5be82e68ce1492ddc006667504aae5d574055
Static task: static1
Behavioral task: behavioral1
- Sample: 735ff072077023765e445b284f072946ffad2e36fa8aba9f1b8f93fef885352c.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: 735ff072077023765e445b284f072946ffad2e36fa8aba9f1b8f93fef885352c.exe
- Resource: win10v200722
Malware Config
Extracted
C:\w335i-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D4524545FFD1B6A
http://decryptor.cc/2D4524545FFD1B6A
Targets
- Target: 735ff072077023765e445b284f072946ffad2e36fa8aba9f1b8f93fef885352c.exe
- Size: 324KB
- MD5: 20defcd42cabf5da27a21dd342e58068
- SHA1: 408cfabc99c350ad28def5475cfff5dc2de02543
- SHA256: 735ff072077023765e445b284f072946ffad2e36fa8aba9f1b8f93fef885352c
- SHA512: 8a6a2f462b9e5ecccae13ecf176c8d2ec93e1c535f3541aa9a39151ea7874e730bdb627b422fbe2ba1c51c98c9c5a2b35da79433fbe9105038836ca33f31814d
- Score: 10/10
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry