General
Target: revil_6450906568884224.zip
Size: 207KB
Sample: 201018-qqx2ztpeqa
MD5: 2355b4e101f8fe2c7b1f40411d829528
SHA1: a1537f2354c7b713f65c36cabd753695eb39cb70
SHA256: faf94b3ba043e0d4b7463497b69690938f8ecaac9f65fb972b5b1f6bfb51eca8
SHA512: 6d709d342d02ecfaaed7f9410e198ad1ed1e8c6059239a7adc45d0c7bd1cfeabd2f1c1e04ee87cbda02903df64d72490d40a176e7e8ce35ee498b211f7e9287f
Static task: static1
Behavioral task: behavioral1
  Sample: fa7d2020776a080d2580c0cad013be84484cbaa8d927fedd51914bad567d3278.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: fa7d2020776a080d2580c0cad013be84484cbaa8d927fedd51914bad567d3278.exe
  Resource: win10v200722
Malware Config
Extracted from: C:\hc772z62-readme.txt
Family: sodinokibi
URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8EF6786BB5156AF1
  http://decryptor.cc/8EF6786BB5156AF1
Targets
Target: fa7d2020776a080d2580c0cad013be84484cbaa8d927fedd51914bad567d3278
Size: 338KB
MD5: d44186f7b95ba487fc1c54a05d68f04f
SHA1: f259705190dc78c7575544f22dbaad9066cd3f6b
SHA256: fa7d2020776a080d2580c0cad013be84484cbaa8d927fedd51914bad567d3278
SHA512: 5a14e02a8cf384e73ca115bf7ada61625c06453a9123d71a55f9f25fda21d3551160b21b2f1a47888ae2e54731e65315c46025dd99b717ac16e3e1fab89a4ee9
Score: 10/10
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry