General

Target: 0cf6b2529f92cb76be812caf661460e08bf65d9582ff5ea2d39206c8ead17b6a
Size: 116KB
Sample: 210302-z2k3r13nhn
MD5: 157083d3340bd1ccb0ef3753f1491dad
SHA1: 7f62112b7e3811b4c025f20f656e5930ad30125d
SHA256: 0cf6b2529f92cb76be812caf661460e08bf65d9582ff5ea2d39206c8ead17b6a
SHA512: 39ec844c2dcf33862571f8d267b1384dbe5fdb3b8d1de1b615ba85ecd8cf58433147c6c6892a4967a0f0eba045fb187ea0d08055585134d5c3abf5297507421b
Static task: static1

Behavioral task: behavioral1
Sample: 0cf6b2529f92cb76be812caf661460e08bf65d9582ff5ea2d39206c8ead17b6a.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 0cf6b2529f92cb76be812caf661460e08bf65d9582ff5ea2d39206c8ead17b6a.exe
Resource: win10v20201028
Malware Config

Extracted from: C:\22lirwk80-README.txt
Family: sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D5F776ADDCECC7E7
http://decryptor.cc/D5F776ADDCECC7E7
Targets

Target: 0cf6b2529f92cb76be812caf661460e08bf65d9582ff5ea2d39206c8ead17b6a
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry