General
Target: 7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin
Size: 115KB
Sample: 210301-etrhgaq4rj
MD5: 803ce5006616c1343e73ce4500a2b3e2
SHA1: 0634757441799167f618d1ede75abe95c20765c0
SHA256: 7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27
SHA512: 8b549e55e270bc2ede09332faed4e2a98e47ec6afcb32d0c41cff338f9892d103a1924ba2af9d1c0129b2f65e750e9ec6bfdc37657c67ac72000f2898b301200
Static task: static1
Behavioral task: behavioral1
Sample: 7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin.dll
Resource: win10v20201028
Malware Config
Extracted
C:\8031u0o4-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D9524DC62885FC24
http://decryptor.cc/D9524DC62885FC24
Targets
Target: 7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin (size and hashes as listed under General)
Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.