General
-
Target
as.exe
-
Size
192KB
-
Sample
201106-r26chye4dx
-
MD5
beed14bc183ad523b94ef6ac2b270b08
-
SHA1
4ea45e0d8a4d50182063cc97c8a86d579f3adf05
-
SHA256
b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988
-
SHA512
da74c44e21e120af26074fb6493a35067f037cc633e630b415d9b6947c9dc58e354fbb33afc87f733da8cd4d1f8ca66081df0e96d249ffb1c2ba8142c9317196
Static task
static1
Behavioral task
behavioral1
Sample
as.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
as.exe
Resource
win10v20201028
Malware Config
Extracted
C:\z8670ejqk3-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E0228824883A2F7E
http://decryptor.cc/E0228824883A2F7E
Extracted
C:\11tt7id9-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/61773AFBBE4DF929
http://decryptor.cc/61773AFBBE4DF929
Targets
-
-
Target
as.exe
-
Size
192KB
-
MD5
beed14bc183ad523b94ef6ac2b270b08
-
SHA1
4ea45e0d8a4d50182063cc97c8a86d579f3adf05
-
SHA256
b10d9a62edb6081aa9f7fc865554064bb212555392b1181dc40040e12927f988
-
SHA512
da74c44e21e120af26074fb6493a35067f037cc633e630b415d9b6947c9dc58e354fbb33afc87f733da8cd4d1f8ca66081df0e96d249ffb1c2ba8142c9317196
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies service
-
Sets desktop wallpaper using registry
-