General
- Target: ef97612bb189177026481938c1e40e80a61bf504f7e491367b206b9f87700d88
- Size: 339KB
- Sample: 201021-sw1w7nm8v6
- MD5: a976d4247a7f411914a8d9caaa8efc09
- SHA1: ed7e0f161617547b89e41653c671b475cf6a4dd9
- SHA256: ef97612bb189177026481938c1e40e80a61bf504f7e491367b206b9f87700d88
- SHA512: 4abe367dfe139c429d4fb71f58c4ba72a6fd9f9906475a1d43c0971a1fa054de332a7854c3e3d3de22032c5838450618173be2cb0553bb5efdf21eea209d849a
Static task: static1
Behavioral task: behavioral1
- Sample: ef97612bb189177026481938c1e40e80a61bf504f7e491367b206b9f87700d88.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: ef97612bb189177026481938c1e40e80a61bf504f7e491367b206b9f87700d88.exe
- Resource: win10
Malware Config
- Extracted from: C:\001715yzkz-readme.txt
- Family: sodinokibi
- URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/DFF35A85FE3383AA
  http://decryptor.cc/DFF35A85FE3383AA
Targets
- Target: ef97612bb189177026481938c1e40e80a61bf504f7e491367b206b9f87700d88
- Score: 10/10
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry