General
Target: aJnevj8H.exe
Size: 116KB
Sample: 201003-3y2csxrjqa
MD5: b8fc295190e8c19d1f0737c3f4c61279
SHA1: dd612752d115ea406a2c474b39bbb5d7ada62002
SHA256: ce19e4ed0385850a51c60558b2f38fad20196cdeaae3767ffb92e8dd2508a88b
SHA512: abc60b2de8dce92bb988fa57cdcb78558a7769d9e094aafcb9969b61bc73f2afa9faddccbb82365dc54d70d9506f61fa96004cb05a20f3ec132e1c22ad054937
Static task: static1
Behavioral task: behavioral1 (sample aJnevj8H.exe.dll, resource win7)
Behavioral task: behavioral2 (sample aJnevj8H.exe.dll, resource win10)
Malware Config
Extracted: C:\quxj5-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/4B816A4667D1C872
http://decryptor.cc/4B816A4667D1C872
Targets
Target: aJnevj8H.exe
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry