General
-
Target
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309
-
Size
115KB
-
Sample
210226-fxgzgzg86x
-
MD5
d7dd35bfb368ebaf9b42d2824ae8d940
-
SHA1
99f3dd3376e9615f5863808ec4ed051ddad7ccfa
-
SHA256
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309
-
SHA512
bbb79586ea55b31bb45bcc0ced9c1c8aa0cb2cbe8cfe2d084242b948e04a095c5b3880d7ab6e53eb196439f698ebb955d9c6e882508edf5dfcf2849d4b8615fa
Static task
static1
Behavioral task
behavioral1
Sample
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe
Resource
win10v20201028
Malware Config
Extracted
C:\86z806-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CD0A183B50D548BE
http://decryptor.cc/CD0A183B50D548BE
Targets
-
-
Target
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309
-
Size
115KB
-
MD5
d7dd35bfb368ebaf9b42d2824ae8d940
-
SHA1
99f3dd3376e9615f5863808ec4ed051ddad7ccfa
-
SHA256
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309
-
SHA512
bbb79586ea55b31bb45bcc0ced9c1c8aa0cb2cbe8cfe2d084242b948e04a095c5b3880d7ab6e53eb196439f698ebb955d9c6e882508edf5dfcf2849d4b8615fa
Score10/10-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-