General
Target: 5612552582365184.zip
Size: 84KB
Sample: 210201-r1wnwlaqha
MD5: 4ca84f257c59691bcf82664fae40f0f2
SHA1: 3b3718ce201fd1352f95785ad6789fc9a179e491
SHA256: 2c6e14e4675b318933d73e3377831f25056e3222f0abd13b6b9ba23a0b669868
SHA512: a5e7ff43dca7231b1b23798559db30ee601bac20cfa700f671d0616d14cd1c78b3587786ce361b1b993b12e1ba568e911e7429e0d711455cd29bccbbc95a044b
Static task: static1

Behavioral task: behavioral1
Sample: 801e1f5f623edd2771367a79c94c8d9414f2d8f6af5cec707baa410a1ebf4b75.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 801e1f5f623edd2771367a79c94c8d9414f2d8f6af5cec707baa410a1ebf4b75.exe
Resource: win10v20201028
Malware Config
Extracted: C:\2lsx5g-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/7BF64018E3D814A4
http://decryptor.cc/7BF64018E3D814A4
Targets
Target: 801e1f5f623edd2771367a79c94c8d9414f2d8f6af5cec707baa410a1ebf4b75
Size: 136KB
MD5: c2ae29ea86b611d8697ca715e61045a8
SHA1: 58d835c3d204d012ee5a4e3c05a06e60b4316d0e
SHA256: 801e1f5f623edd2771367a79c94c8d9414f2d8f6af5cec707baa410a1ebf4b75
SHA512: 571dde42ebaa5c373bcd1cd8c08e3d4d16945df54659f64ccb0e8e1bf721c11d20ac35539e071dfede3a765d2abfd6546225fb72822fa1e3e4095459b539822a
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry