General
Target: LbYesiVe.exe
Size: 116KB
Sample: 201003-davk8gcy6j
MD5: 284281286455371cf12b69ad76034d08
SHA1: 9cee17cf7463f677555ccbd1cc2e574ea7e74a31
SHA256: 8c32012baa74c8ee1bf676094f688505eae215317cc38c0e28a518e5a9d0b70b
SHA512: e1ac523859e197594c89937a88d9c556041a5965e0a4b2f52fb602a0dee2ab990c00a1912e40d115c4164016a43a2d7b24a8a07f095dbee51393c113f5c04918
Static task: static1
Behavioral task: behavioral1
  Sample: LbYesiVe.exe.dll
  Resource: win7
Behavioral task: behavioral2
  Sample: LbYesiVe.exe.dll
  Resource: win10v200722
Malware Config
Extracted from: C:\d56m7cc0r-readme.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/24120883B193C4BE
http://decryptor.cc/24120883B193C4BE
Targets
Target: LbYesiVe.exe
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry