General
Target: 9443d7f2890e26024ee0b8067ac2609fcdbd4bcc6981a7ab1aa8671be232b1f6.bin
Size: 322KB
Sample: 210309-r56tj9abm2
MD5: 7c6e8b2aac5f2706a3d7660fbfb43c37
SHA1: 4f4e68abbdd7d5af55e4a9e25611cc535cc5820e
SHA256: 9443d7f2890e26024ee0b8067ac2609fcdbd4bcc6981a7ab1aa8671be232b1f6
SHA512: d324997e2e01e57afeea96d81fbc1d18b1af97823d26a650957665a3172061e623988c7c8cede8a1da887b766cef833f8bd428fbbd08b7346559cdb680ac46eb
Static task: static1
Behavioral task: behavioral1
  Sample: 9443d7f2890e26024ee0b8067ac2609fcdbd4bcc6981a7ab1aa8671be232b1f6.bin.dll
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 9443d7f2890e26024ee0b8067ac2609fcdbd4bcc6981a7ab1aa8671be232b1f6.bin.dll
  Resource: win10v20201028
Malware Config
Extracted
Ransom note path: C:\lm96a7rms-readme.txt
Family: sodinokibi
Payment URLs from the note:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B90DFD600C366616
http://decoder.re/B90DFD600C366616
Targets
Target: 9443d7f2890e26024ee0b8067ac2609fcdbd4bcc6981a7ab1aa8671be232b1f6.bin (322KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege-escalation functionality.
Signatures:
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry (the Wallpaper value under HKCU\Control Panel\Desktop).
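The two sections above that a responder actually acts on are the extracted config (where the victim identifier B90DFD600C366616 is the tail of both payment URLs) and the behavioural signatures (extension changes across many files, a ransom note, a wallpaper write). The following is an added example, not code from the sandbox report or from any REvil tooling: it parses the identifier and URLs out of a ransom note and then scores those signatures over constructed endpoint telemetry. The note wording, the file paths and the events are made up; only the two URLs, the identifier and the note path C:\lm96a7rms-readme.txt come from the report. One assumption beyond the report is stated in the code: in this family the note is named <extension>-readme.txt after the random extension appended to encrypted files, so the note path implies the extension .lm96a7rms.

```python
"""Added example, not part of the sandbox report or of any REvil tooling:
(1) parse the payment URLs and victim identifier out of a Sodinokibi/REvil
ransom note, and (2) correlate the report's behavioural signatures over
constructed endpoint telemetry. Note wording, paths and events are made up;
only the two URLs, the identifier and the note path come from the report."""
import re
from collections import Counter, defaultdict

# Constructed note body: the wording is invented, the URLs are the report's.
SAMPLE_NOTE = """Your files are encrypted.
To recover them open one of the links below:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B90DFD600C366616
http://decoder.re/B90DFD600C366616
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Standard registry location for the desktop background (compared case-insensitively).
WALLPAPER_KEY = r"hkcu\control panel\desktop\wallpaper"


def extract_config(note_text):
    """Pull the Tor and clearnet payment URLs and the identifier they carry.

    In this family the last path segment of the payment URL is the per-victim
    identifier (16 hex chars, B90DFD600C366616 in the report). Both URLs in a
    genuine note carry the same identifier, so disagreement is worth a flag.
    """
    cfg = {"onion": [], "clearnet": [], "ids": set()}
    for url in URL_RE.findall(note_text):
        host = url.split("/")[2].lower()
        tail = url.rstrip("/").rsplit("/", 1)[-1]
        if re.fullmatch(r"[0-9A-Fa-f]{16}", tail):
            cfg["ids"].add(tail.upper())
        cfg["onion" if host.endswith(".onion") else "clearnet"].append(url)
    cfg["consistent"] = len(cfg["ids"]) == 1
    return cfg


def note_name_for(extension):
    """Assumption from family knowledge, not from the report: REvil names its note
    <extension>-readme.txt, <extension> being the random string it appends to
    encrypted files, so C:\\lm96a7rms-readme.txt implies files ending in .lm96a7rms."""
    return f"{extension}-readme.txt"


# Constructed telemetry in a Sysmon-like shape: op, path, new (renames), key/value (registry).
SAMPLE_EVENTS = [
    {"op": "rename", "path": r"C:\Users\bob\Documents\q3.xlsx",
     "new": r"C:\Users\bob\Documents\q3.xlsx.lm96a7rms"},
    {"op": "rename", "path": r"C:\Users\bob\Documents\plan.docx",
     "new": r"C:\Users\bob\Documents\plan.docx.lm96a7rms"},
    {"op": "rename", "path": r"C:\Users\bob\Pictures\cat.jpg",
     "new": r"C:\Users\bob\Pictures\cat.jpg.lm96a7rms"},
    {"op": "rename", "path": r"D:\share\backup.zip",
     "new": r"D:\share\backup.zip.lm96a7rms"},
    {"op": "rename", "path": r"D:\share\notes.pdf",
     "new": r"D:\share\notes.pdf.lm96a7rms"},
    {"op": "rename", "path": r"C:\Users\bob\draft.txt",  # benign rename, must not count
     "new": r"C:\Users\bob\draft.bak"},
    {"op": "create", "path": r"C:\lm96a7rms-readme.txt"},
    {"op": "create", "path": r"D:\share\lm96a7rms-readme.txt"},
    {"op": "regset", "key": r"HKCU\Control Panel\Desktop\Wallpaper",
     "value": r"C:\Users\bob\AppData\Local\Temp\wp.bmp"},
]


def analyse(events, min_files=5):
    """Score the signatures the report lists and return a verdict."""
    appended = Counter()          # candidate extension -> number of files renamed to it
    originals = defaultdict(set)  # candidate extension -> original extensions seen
    for e in events:
        if e["op"] == "rename" and e["new"].startswith(e["path"] + "."):
            ext = e["new"][len(e["path"]) + 1:]
            if "." not in ext and "\\" not in ext:
                appended[ext] += 1
                originals[ext].add(e["path"].rsplit(".", 1)[-1].lower())
    # Ransomware appends one new extension to files of many different types.
    hits = [x for x, n in appended.items() if n >= min_files and len(originals[x]) >= 2]
    ext = max(hits, key=appended.__getitem__) if hits else None
    notes = [e["path"] for e in events if e["op"] == "create" and ext
             and e["path"].rsplit("\\", 1)[-1].lower() == note_name_for(ext)]
    wallpaper = any(e["op"] == "regset" and e["key"].lower() == WALLPAPER_KEY for e in events)
    drives = sorted({e["path"][0].upper() for e in events if e["op"] == "rename"})
    score = (ext is not None) + bool(notes) + wallpaper
    return {"extension": ext, "note_paths": notes, "wallpaper_set": wallpaper,
            "drives_touched": drives, "verdict": "ransomware" if score >= 2 else "clean"}


if __name__ == "__main__":
    print(extract_config(SAMPLE_NOTE))
    print(analyse(SAMPLE_EVENTS))
```

The extension is inferred from the rename stream rather than hard-coded, so the same logic works on a different campaign; the note name is then derived from that extension and matched against file-create events, and a wallpaper write is only corroborating evidence. Two of the three indicators are required for a verdict, so a handful of renames or a wallpaper change on its own stays below the line.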