General

Target: B40CA0BFB7AEC1C1B4218B98529B580B.file
Size: 745KB
Sample: 210213-1kmvzlm5vn
MD5: b40ca0bfb7aec1c1b4218b98529b580b
SHA1: 5615f11ca85cdf2d5cd186028c60a21fdb6d7f72
SHA256: 188b6a98ef67f6d79300062641e73e9ee5ec1c4172fe1cd91c7e7de7434c24dc
SHA512: 69c4e6f306bb4e254c49b687ff227f93aa649444be29b7de2ed8f0b09637970b2d4e7bc10d6cfbec1ab753db23b41d56bb4e947159319790a9f1bf31ebf24611
Static task: static1

Behavioral task: behavioral1
Sample: B40CA0BFB7AEC1C1B4218B98529B580B.file.dll
Resource: win7v20201028

Behavioral task: behavioral2
Sample: B40CA0BFB7AEC1C1B4218B98529B580B.file.dll
Resource: win10v20201028
Malware Config

Extracted from: C:\ewotat18n-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/78C111539B54919F
http://decoder.re/78C111539B54919F

Extracted from: C:\8rj1l91g-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B5371DADB7A7051A
http://decoder.re/B5371DADB7A7051A
Targets

Target: B40CA0BFB7AEC1C1B4218B98529B580B.file
Size: 745KB
MD5: b40ca0bfb7aec1c1b4218b98529b580b
SHA1: 5615f11ca85cdf2d5cd186028c60a21fdb6d7f72
SHA256: 188b6a98ef67f6d79300062641e73e9ee5ec1c4172fe1cd91c7e7de7434c24dc
SHA512: 69c4e6f306bb4e254c49b687ff227f93aa649444be29b7de2ed8f0b09637970b2d4e7bc10d6cfbec1ab753db23b41d56bb4e947159319790a9f1bf31ebf24611

Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry
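The two extracted configs above carry different random note-name prefixes (ewotat18n, 8rj1l91g) and different victim IDs, while each pair of URLs (the .onion address and its decoder.re mirror) shares one ID, and the signature list records that user files are renamed. The Python script below is an added example, not part of this report or of the sandbox's own tooling: it parses a ransom note, checks that both URLs agree on the victim ID, and links the note's random token to renamed files on disk. The note body wording and the directory listing are constructed; the note path, URLs and victim ID are copied from the first extracted config. Two assumptions are mine, not the report's: that encrypted files carry the note's token as their extension, and that a victim ID is at least 8 hex characters (both IDs on this page are 16).

```python
import re
from pathlib import PureWindowsPath

# Constructed ransom-note content. The path, both URLs and the victim ID come from
# the report's first extracted config; the sentences around them are invented
# filler, since the report lists only the extracted fields, not the note body.
SAMPLE_NOTE_PATH = r"C:\ewotat18n-readme.txt"
SAMPLE_NOTE_TEXT = """Your files have been encrypted.
To obtain the decryptor open one of the links below:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/78C111539B54919F
http://decoder.re/78C111539B54919F
"""

URL_RE = re.compile(r"https?://[^\s<>]+")
# Victim ID = trailing path component. Assumption: at least 8 hex characters
# (both IDs in the report are 16), which keeps short paths like /index out.
VICTIM_ID_RE = re.compile(r"/([0-9A-Fa-f]{8,})$")
# Note-name convention visible in the report: <random token>-readme.txt
NOTE_NAME_RE = re.compile(r"^([a-z0-9]+)-readme\.txt$", re.IGNORECASE)


def extract_urls(note_text):
    """Return every http(s) URL in the note, in order of appearance."""
    return URL_RE.findall(note_text)


def shared_victim_id(urls):
    """Return the victim ID common to all URLs (upper-cased), or None.

    None is returned when a URL has no ID or the URLs disagree: a disagreement
    means the text mixes notes from different runs or was edited, so the ID
    must not be reported as this host's identifier."""
    ids = set()
    for url in urls:
        match = VICTIM_ID_RE.search(url)
        if match is None:
            return None
        ids.add(match.group(1).upper())
    return ids.pop() if len(ids) == 1 else None


def note_token(note_path):
    """Return the random token prefixing '-readme.txt', or None for other names."""
    match = NOTE_NAME_RE.match(PureWindowsPath(note_path).name)
    return match.group(1) if match else None


def find_renamed_files(paths, token):
    """Return the paths whose final extension equals '.<token>'.

    Assumption not stated in the report: the random token in the note name is
    also the extension appended to each encrypted file. The comparison is
    case-insensitive because NTFS names are."""
    if not token:
        return []
    wanted = "." + token.lower()
    return [p for p in paths if PureWindowsPath(p).suffix.lower() == wanted]


def triage_note(note_path, note_text):
    """Summarise one note: token, all URLs, onion URLs and the shared victim ID."""
    urls = extract_urls(note_text)
    return {
        "token": note_token(note_path),
        "urls": urls,
        "onion_urls": [u for u in urls if ".onion/" in u],
        "victim_id": shared_victim_id(urls),
    }


if __name__ == "__main__":
    summary = triage_note(SAMPLE_NOTE_PATH, SAMPLE_NOTE_TEXT)
    # Constructed directory listing standing in for a walk of the infected host.
    listing = [
        r"C:\Users\alice\Documents\budget.xlsx.ewotat18n",
        r"C:\Users\alice\Pictures\cat.jpg",
        SAMPLE_NOTE_PATH,
    ]
    for key, value in summary.items():
        print(f"{key}: {value}")
    print("renamed files:", find_renamed_files(listing, summary["token"]))
```

Run it against a real note by reading the file into `triage_note` and passing an `os.walk` listing to `find_renamed_files`; a `victim_id` of None is the signal to stop and look at the note by hand rather than file the ID as an indicator.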