General
Target: YJxE8vf6.exe
Size: 116KB
Sample: 200929-pgf1shjlgn
MD5: a133909376f0499059642768d4f73a95
SHA1: fda53c8b4d684b7454d204ed395934159c091133
SHA256: 4270895e0d3973d98d5014e299f9e9a4dee0e528d37adbbcf47dc52ca483fd74
SHA512: f205002c4059a98c1b917be8644c9f1d02ec4ccdf10d35e7bb34d75f47aca72f16400dce024842dd4694d9557bdf20d5dece66dd2be112bade22d0101f8a6ae0
Static task: static1
Behavioral task: behavioral1
  Sample: YJxE8vf6.exe.dll
  Resource: win7
Behavioral task: behavioral2
  Sample: YJxE8vf6.exe.dll
  Resource: win10v200722
Malware Config
Extracted: C:\q5081i312-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/797E95071FE198AE
http://decryptor.cc/797E95071FE198AE
Targets
Target: YJxE8vf6.exe
Score: 10/10
Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
Blacklisted process makes network request
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Modifies service
Sets desktop wallpaper using registry