General
Target: e12e9ff0a4cf29714bed618d69ff121b8a8d269d741cc1dbc8d92b9a405716a0.bin
Size: 116KB
Sample: 201120-zdcnzgsa1s
MD5: eba2b670e171d2efc8e72f023c47150a
SHA1: 427aeaa865a38cf66e798b2f10c2c68a8cb5322a
SHA256: e12e9ff0a4cf29714bed618d69ff121b8a8d269d741cc1dbc8d92b9a405716a0
SHA512: 67adf5763a6fcf7212b823e3f6e8f5b5461e9c3b3c38f580c13e438cda66f64d66759b090034bcd512f8bab78bc1d164a1e05334b07de0c618531a43ba448ebc
Static task: static1
Behavioral task: behavioral1
Sample: e12e9ff0a4cf29714bed618d69ff121b8a8d269d741cc1dbc8d92b9a405716a0.bin.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: e12e9ff0a4cf29714bed618d69ff121b8a8d269d741cc1dbc8d92b9a405716a0.bin.dll
Resource: win10v20201028
Malware Config
Extracted
Ransom note path: C:\t3b8vw-readme.txt
Family: sodinokibi
Decryptor URLs (both carry the same victim ID, 4FA6721AC13E9BE8):
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/4FA6721AC13E9BE8
http://decryptor.cc/4FA6721AC13E9BE8
Targets
Target: e12e9ff0a4cf29714bed618d69ff121b8a8d269d741cc1dbc8d92b9a405716a0.bin
Size: 116KB
MD5, SHA1, SHA256, SHA512: as listed under General above
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blacklisted process makes network request
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
- Sets desktop wallpaper using registry
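The extracted config (note path C:\t3b8vw-readme.txt, a .onion and a decryptor.cc URL ending in the same ID) and the "modifies extensions of user files" signature together give an incident responder two cheap host-side checks: find the ransom note, derive the encrypted-file extension from its name, confirm the two decryptor URLs agree on the victim ID, and count how many files already carry that extension. The Python below is an added example written for this page, not code from the sandbox or from the REvil operators; it assumes the note is named `<extension>-readme.txt` with a 5 to 10 character alphanumeric extension, and the note body it parses is constructed for the demo (only the two URLs come from the report).

```python
import re
import tempfile
from pathlib import Path

# Constructed note body for the demo. Only the two URLs are taken from the
# sandbox report; the surrounding wording is made up and is not a real note.
SAMPLE_NOTE = """All of your files have been encrypted and now carry the extension t3b8vw.
To obtain the decryptor, open one of the links below:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/4FA6721AC13E9BE8
http://decryptor.cc/4FA6721AC13E9BE8
"""

# v3 onion hosts are 56 base32 characters; the victim ID is an upper-hex token.
ONION_RE = re.compile(r"https?://[a-z2-7]{56}\.onion/([0-9A-F]{8,})", re.I)
CLEARNET_RE = re.compile(r"https?://decryptor\.cc/([0-9A-F]{8,})", re.I)
# Assumed naming convention: "<extension>-readme.txt" with a short random extension.
NOTE_NAME_RE = re.compile(r"^([a-z0-9]{5,10})-readme\.txt$", re.I)


def parse_ransom_note(text):
    """Pull both decryptor URLs out of a note and check they share one victim ID."""
    onion = ONION_RE.search(text)
    clear = CLEARNET_RE.search(text)
    ids = {m.group(1).upper() for m in (onion, clear) if m}
    consistent = len(ids) == 1          # found at least one URL and no disagreement
    return {
        "onion_url": onion.group(0) if onion else None,
        "clearnet_url": clear.group(0) if clear else None,
        "victim_id": next(iter(ids)) if consistent else None,
        "id_consistent": consistent,
    }


def extension_from_note_name(path):
    """Derive the encrypted-file extension from a note path (Windows or POSIX separators)."""
    name = re.split(r"[\\/]", str(path))[-1]
    m = NOTE_NAME_RE.match(name)
    return m.group(1) if m else None


def triage_directory(root):
    """Walk root, locate notes, and count files carrying the derived extension."""
    root = Path(root)
    findings = []
    for note in root.rglob("*-readme.txt"):
        ext = extension_from_note_name(note)
        if not ext:
            continue
        info = parse_ransom_note(note.read_text(errors="replace"))
        encrypted = [p for p in root.rglob(f"*.{ext}") if p.is_file()]
        findings.append({"note": str(note), "extension": ext,
                         "encrypted_count": len(encrypted), **info})
    return findings


def build_demo_tree():
    """Create a throwaway directory that mimics a partially encrypted share (constructed)."""
    d = Path(tempfile.mkdtemp(prefix="revil-triage-"))
    (d / "t3b8vw-readme.txt").write_text(SAMPLE_NOTE)
    (d / "docs").mkdir()
    (d / "docs" / "report.docx.t3b8vw").write_bytes(b"\x00" * 16)
    (d / "docs" / "budget.xlsx.t3b8vw").write_bytes(b"\x00" * 16)
    (d / "docs" / "untouched.txt").write_text("plain")
    return d


if __name__ == "__main__":
    for f in triage_directory(build_demo_tree()):
        print(f)
```

A mismatch between the .onion and clearnet IDs (`id_consistent` false) is worth flagging rather than ignoring: it usually means a note was edited, partially overwritten, or belongs to a different victim record than the one the responder is correlating against.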