General
Target: 15dc53519848adbcd6a64c524027201f013c4acba7d7002b4461d0e5b82859fd
Size: 119KB
Sample: 210318-77sq8fft1x
MD5: b342716c369faf9ca8fd102a5e8723dd
SHA1: 970eb66d97900e5dbfc2d25c544624a2f11b2aa3
SHA256: 15dc53519848adbcd6a64c524027201f013c4acba7d7002b4461d0e5b82859fd
SHA512: 82c3fc7cacaa5996ff61dbe6492389c52a8abb182277734c6aac650481e0e17ad3724f475e93bfc7f2e29bdcbb88eb812221ad3e4829ec3f859f88b125097645
Static task: static1

Behavioral task: behavioral1
Sample: 15dc53519848adbcd6a64c524027201f013c4acba7d7002b4461d0e5b82859fd.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 15dc53519848adbcd6a64c524027201f013c4acba7d7002b4461d0e5b82859fd.exe
Resource: win10v20201028
Malware Config

Extracted: C:\1j132-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/60B823A84043C8F8
http://decoder.re/60B823A84043C8F8

Extracted: C:\n9ce2l8f-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D856DFD4914986CA
http://decoder.re/D856DFD4914986CA
Targets
Target: 15dc53519848adbcd6a64c524027201f013c4acba7d7002b4461d0e5b82859fd
Size: 119KB
MD5: b342716c369faf9ca8fd102a5e8723dd
SHA1: 970eb66d97900e5dbfc2d25c544624a2f11b2aa3
SHA256: 15dc53519848adbcd6a64c524027201f013c4acba7d7002b4461d0e5b82859fd
SHA512: 82c3fc7cacaa5996ff61dbe6492389c52a8abb182277734c6aac650481e0e17ad3724f475e93bfc7f2e29bdcbb88eb812221ad3e4829ec3f859f88b125097645
Score: 10/10

- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry