General
-
Target
8cdc6c54e57c51ca7ed43f1f56e09b352a8995a6c49dd163812e8ecfe03c613a
-
Size
341KB
-
Sample
201020-4p5aq12fv2
-
MD5
14ba7d3a1d28d8039695d2035182959e
-
SHA1
29c653f5f95aba672ed1110d225d1780aeebe4f4
-
SHA256
8cdc6c54e57c51ca7ed43f1f56e09b352a8995a6c49dd163812e8ecfe03c613a
-
SHA512
a75f79f92ab8fd5b337b308c6476509e4fe4b06b93073ffdd6c04ebf547b6a77fda73a6f68286ec403b9d09f464467215738bcdd3ac021155a00de3d04fd7b44
Static task
static1
Behavioral task
behavioral1
Sample
8cdc6c54e57c51ca7ed43f1f56e09b352a8995a6c49dd163812e8ecfe03c613a.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
8cdc6c54e57c51ca7ed43f1f56e09b352a8995a6c49dd163812e8ecfe03c613a.exe
Resource
win10v200722
Malware Config
Extracted
C:\035i588g-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9D740AC6038D38FC
http://decryptor.cc/9D740AC6038D38FC
Targets
-
-
Target
8cdc6c54e57c51ca7ed43f1f56e09b352a8995a6c49dd163812e8ecfe03c613a
-
Size
341KB
-
MD5
14ba7d3a1d28d8039695d2035182959e
-
SHA1
29c653f5f95aba672ed1110d225d1780aeebe4f4
-
SHA256
8cdc6c54e57c51ca7ed43f1f56e09b352a8995a6c49dd163812e8ecfe03c613a
-
SHA512
a75f79f92ab8fd5b337b308c6476509e4fe4b06b93073ffdd6c04ebf547b6a77fda73a6f68286ec403b9d09f464467215738bcdd3ac021155a00de3d04fd7b44
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies service
-
Sets desktop wallpaper using registry
-