General
-
Target
b7cbe20ae32185b07bb63f96bacae27cdf68e8367a181174270165520a015d85
-
Size
116KB
-
Sample
201020-ycgytd4ky2
-
MD5
da9941dae391e44a65f8df3653fea9f7
-
SHA1
d356d6fb11ecb659d2bc2ad9f11ccf0601755dae
-
SHA256
b7cbe20ae32185b07bb63f96bacae27cdf68e8367a181174270165520a015d85
-
SHA512
485fe792d306ddd2c3362197c255ab8871184f211127b4b5482cb28fb94348c71382367b74a6f0bb9b3807a2f2f89401e7753eb87d543f821c80420ba919b238
Static task
static1
Behavioral task
behavioral1
Sample
b7cbe20ae32185b07bb63f96bacae27cdf68e8367a181174270165520a015d85.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
b7cbe20ae32185b07bb63f96bacae27cdf68e8367a181174270165520a015d85.exe
Resource
win10
Malware Config
Extracted
C:\d60xvis7h-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/6F35D78D75CB96A2
http://decryptor.cc/6F35D78D75CB96A2
Targets
-
-
Target
b7cbe20ae32185b07bb63f96bacae27cdf68e8367a181174270165520a015d85
-
Size
116KB
-
MD5
da9941dae391e44a65f8df3653fea9f7
-
SHA1
d356d6fb11ecb659d2bc2ad9f11ccf0601755dae
-
SHA256
b7cbe20ae32185b07bb63f96bacae27cdf68e8367a181174270165520a015d85
-
SHA512
485fe792d306ddd2c3362197c255ab8871184f211127b4b5482cb28fb94348c71382367b74a6f0bb9b3807a2f2f89401e7753eb87d543f821c80420ba919b238
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies service
-
Sets desktop wallpaper using registry
-