General
-
Target
f4f73a451c1ec493eb3b4395d06de73598fcf5b8f7d13e81418238824d90fda3.bin
-
Size
118KB
-
Sample
210207-9qpn5zj3x6
-
MD5
8a6c49fe4ea20484411093997d7ebf19
-
SHA1
05cf02f7f79f4dda97ffdc60da9171ec0699bc68
-
SHA256
f4f73a451c1ec493eb3b4395d06de73598fcf5b8f7d13e81418238824d90fda3
-
SHA512
6a8519cb92c1beade84792bd648d67ed2022b13099d663d066228114772c0797653053285d3c3a515050e9ff1e7561392628e7d21b8ed11bc734f7758a4d1d07
Static task
static1
Behavioral task
behavioral1
Sample
f4f73a451c1ec493eb3b4395d06de73598fcf5b8f7d13e81418238824d90fda3.bin.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
f4f73a451c1ec493eb3b4395d06de73598fcf5b8f7d13e81418238824d90fda3.bin.exe
Resource
win10v20201028
Malware Config
Extracted
C:\s98g1x6-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/80738617A6B16F69
http://decoder.re/80738617A6B16F69
Targets
-
-
Target
f4f73a451c1ec493eb3b4395d06de73598fcf5b8f7d13e81418238824d90fda3.bin
-
Size
118KB
-
MD5
8a6c49fe4ea20484411093997d7ebf19
-
SHA1
05cf02f7f79f4dda97ffdc60da9171ec0699bc68
-
SHA256
f4f73a451c1ec493eb3b4395d06de73598fcf5b8f7d13e81418238824d90fda3
-
SHA512
6a8519cb92c1beade84792bd648d67ed2022b13099d663d066228114772c0797653053285d3c3a515050e9ff1e7561392628e7d21b8ed11bc734f7758a4d1d07
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-