General

Target: 6401927977140224.zip
Size: 75KB
Sample: 210201-4jkdl7ltye
MD5: d7a176a7e268b60cd23949a2e6daa143
SHA1: 70c5fc6cd5def4ca59c0ca8949f7e93e0be789db
SHA256: e0f59603265d8e99b26a4fa1ba3cd3ab5184a9ae29334201cf65df827ac7019e
SHA512: 75a1fea76d650f4adb7a1a44882e73aa2ed76db84e33115341c2e12abe3e3057e6b5c16147024162761fe63929c73be46841910feb35645f0e0fd2c80981bc57

Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 14c8e3f1f23d16c2c9a4272cd05d00461d27b372cc5f588b4bbfc6102bbed708.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 14c8e3f1f23d16c2c9a4272cd05d00461d27b372cc5f588b4bbfc6102bbed708.exe
  Resource: win10v20201028

Malware Config

Extracted from: C:\81y0e6-readme.txt
Family: sodinokibi
URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/07C7945B16323A2E
  http://decryptor.cc/07C7945B16323A2E

Both URLs point at the same payment portal (Tor hidden service and its clearnet mirror). The trailing path segment, 07C7945B16323A2E, is the per-victim identifier, so it is useful for linking samples dropped on the same victim but is not a family-wide indicator; the hostnames are.
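As an added example (not part of the sandbox report, and not code from the sandbox vendor), the following script pulls the indicators above out of a ransom note: it splits the portal URLs into Tor and clearnet, checks that the onion host is a well-formed v3 address (56 base32 characters), recovers the victim identifier from the URL path, and derives the extension the sample appends to files from the note name, since REvil writes its note as <extension>-readme.txt. The note body is a constructed placeholder that carries only the two URLs from the report; treating the trailing path segment as the victim key is an assumption about the URL layout.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Path reported by the sandbox; REvil names its note "<appended extension>-readme.txt".
NOTE_PATH = r"C:\81y0e6-readme.txt"

# Constructed stand-in for the note body. Only the two URLs come from the report;
# the surrounding text is placeholder, not the real note.
SAMPLE_NOTE = """\
[constructed placeholder for the ransom note body]

Tor:      http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/07C7945B16323A2E
Clearnet: http://decryptor.cc/07C7945B16323A2E
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Tor v3 hidden service address: 56 base32 characters (a-z, 2-7) followed by ".onion".
ONION_V3_RE = re.compile(r"[a-z2-7]{56}\.onion")


@dataclass(frozen=True)
class NoteIocs:
    note_path: str
    expected_extension: str   # extension the sample appends to encrypted files
    onion_urls: tuple
    clearnet_urls: tuple
    victim_ids: tuple         # trailing path segment(s) of the portal URLs


def is_v3_onion(host: str) -> bool:
    return ONION_V3_RE.fullmatch(host.lower()) is not None


def note_extension(note_path: str) -> str:
    """Recover the appended extension from the '<ext>-readme.txt' note name."""
    name = note_path.replace("\\", "/").rsplit("/", 1)[-1]
    m = re.fullmatch(r"([0-9a-z]+)-readme\.txt", name, re.IGNORECASE)
    if m is None:
        raise ValueError(f"not a REvil-style note name: {name}")
    return m.group(1)


def victim_id(url: str):
    """Last path segment if it looks like a hex token (assumed to be the victim key)."""
    seg = urlsplit(url).path.rstrip("/").rsplit("/", 1)[-1]
    return seg.upper() if re.fullmatch(r"[0-9A-Fa-f]{8,}", seg) else None


def extract_iocs(note_text: str, note_path: str) -> NoteIocs:
    onion, clear, ids = [], [], set()
    for url in URL_RE.findall(note_text):
        host = urlsplit(url).hostname or ""
        (onion if host.endswith(".onion") else clear).append(url)
        vid = victim_id(url)
        if vid:
            ids.add(vid)
    return NoteIocs(note_path, note_extension(note_path),
                    tuple(onion), tuple(clear), tuple(sorted(ids)))


def consistent(iocs: NoteIocs) -> bool:
    """True when every onion host is a well-formed v3 address and all portals share one victim ID."""
    onions_ok = all(is_v3_onion(urlsplit(u).hostname or "") for u in iocs.onion_urls)
    return onions_ok and len(iocs.victim_ids) == 1


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_NOTE, NOTE_PATH)
    print(iocs)
    print("consistent:", consistent(iocs))
```

A note whose onion host is not a valid v3 address, or whose Tor and clearnet links carry different identifiers, is worth a second look before its indicators are shared: a mistyped or edited URL would otherwise propagate as a bad IOC. The extension recovered from the note name tells you what to expect on the encrypted files before you look at them.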

Targets

Target: 14c8e3f1f23d16c2c9a4272cd05d00461d27b372cc5f588b4bbfc6102bbed708
Size: 116KB
MD5: b86ad4241b01376b3924a380f6f4c934
SHA1: 10682d08a18715a79ee23b58fdb6ee44c4e28c61
SHA256: 14c8e3f1f23d16c2c9a4272cd05d00461d27b372cc5f588b4bbfc6102bbed708
SHA512: 54fd19cfc37255e7ddf3456d1a2989558522cf58e5eee6ca916c19542921fe3ba4e7a431a35e0e1edbfc37c5651d392e7c3c54eb408754c0488021b16fdf92c9
Score: 10/10

Signatures

Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry
  Writes a new wallpaper path under HKCU\Control Panel\Desktop, a common way for ransomware to put its demand in front of the user.
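The three behavioural signatures above are simple enough to reproduce as rules. As an added example (not the sandbox's own signature code), the script below replays them over a constructed process-event trace: a mass rename that changes many files to one new extension, reads of drive roots other than C:, and a write to the Wallpaper value under HKCU\Control Panel\Desktop. The event shape (pid, op, and op-specific fields), the five-file threshold, and the sample events themselves are assumptions made for the example; the extension used in the constructed renames is taken from the note name in the report.

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed events in a minimal trace shape. These are illustrative, not output
# from the sandbox that produced the report above.
USER_FILES = ["q1.xlsx", "budget.docx", "family.jpg", "thesis.pdf", "backup.zip", "notes"]
EVENTS = [
    {"pid": 1337, "op": "rename",
     "src": f"C:\\Users\\victim\\Documents\\{f}",
     "dst": f"C:\\Users\\victim\\Documents\\{f}.81y0e6"}
    for f in USER_FILES
] + [
    {"pid": 1337, "op": "dir", "path": "D:\\"},
    {"pid": 1337, "op": "dir", "path": "E:\\"},
    {"pid": 1337, "op": "regset", "key": "HKCU\\Control Panel\\Desktop",
     "value": "Wallpaper", "data": "C:\\Users\\victim\\AppData\\Local\\Temp\\wall.bmp"},
    # Benign activity from another process: one rename, a look at C:\ only.
    {"pid": 4242, "op": "rename", "src": "C:\\Users\\victim\\notes.txt",
     "dst": "C:\\Users\\victim\\notes.md"},
    {"pid": 4242, "op": "dir", "path": "C:\\"},
]

MIN_RENAMES = 5  # assumed threshold: fewer same-extension renames is normal user activity


def changed_extension(src: str, dst: str):
    """New extension (without the dot) if the rename changed it, else None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.suffix.lower() != d.suffix.lower():
        return d.suffix.lower().lstrip(".")
    return None


def is_drive_root(path: str) -> bool:
    p = PureWindowsPath(path)
    return bool(p.drive) and p.parent == p


def key_is_wallpaper(key: str, value: str) -> bool:
    k = key.upper().replace("HKEY_CURRENT_USER", "HKCU").rstrip("\\")
    return k.endswith("HKCU\\CONTROL PANEL\\DESKTOP") and value.upper() == "WALLPAPER"


def evaluate(events, min_renames: int = MIN_RENAMES) -> dict:
    """Return {pid: {signature name: detail}} for every process that trips a rule."""
    renamed_ext = defaultdict(Counter)  # pid -> Counter of new extensions
    drives = defaultdict(set)           # pid -> drive roots other than C: that were read
    wallpaper = set()                   # pids that wrote the Wallpaper value
    for e in events:
        pid = e["pid"]
        if e["op"] == "rename":
            ext = changed_extension(e["src"], e["dst"])
            if ext is not None:
                renamed_ext[pid][ext] += 1
        elif e["op"] == "dir" and is_drive_root(e["path"]):
            drive = PureWindowsPath(e["path"]).drive.upper()
            if drive != "C:":
                drives[pid].add(drive)
        elif e["op"] == "regset" and key_is_wallpaper(e["key"], e["value"]):
            wallpaper.add(pid)

    hits = defaultdict(dict)
    for pid, ctr in renamed_ext.items():
        ext, n = ctr.most_common(1)[0]
        if n >= min_renames:
            hits[pid]["Modifies extensions of user files"] = {"count": n, "extension": ext}
    for pid, ds in drives.items():
        hits[pid]["Enumerates connected drives"] = sorted(ds)
    for pid in wallpaper:
        hits[pid]["Sets desktop wallpaper using registry"] = True
    return {pid: dict(v) for pid, v in hits.items()}


if __name__ == "__main__":
    for pid, sigs in evaluate(EVENTS).items():
        print(pid, sigs)
```

The rename rule is the one that carries weight: a single process pushing many unrelated user files to one fresh extension is the behaviour that separates encryption from ordinary file handling, and the extension it reports can be matched against the prefix of the dropped note name. The other two rules fire on benign software too, so on their own they should raise the score of a process, not convict it.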