General
- Target: 2eeec49976bc1e045563c0737710641dfb124ca95e2f1bb2933ff0dc8c285747
- Size: 118KB
- Sample: 210319-82vrk9jb22
- MD5: 62b3d8f1d2c236695aed6eaf8e7bc1a4
- SHA1: ebb1f13c185e31c3ae7850f33c707629fdc53585
- SHA256: 2eeec49976bc1e045563c0737710641dfb124ca95e2f1bb2933ff0dc8c285747
- SHA512: f2ba326412fc390b19f743834ffcbb03fce14d74b6ed37aa6fbbbf3f8b788483693c715f1cce642801f283f390de0a193ff2ced7fe3bf3ae2913cba310fbfe1a
Static task: static1
Behavioral task: behavioral1
- Sample: 2eeec49976bc1e045563c0737710641dfb124ca95e2f1bb2933ff0dc8c285747.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 2eeec49976bc1e045563c0737710641dfb124ca95e2f1bb2933ff0dc8c285747.exe
- Resource: win10v20201028
Malware Config
- Extracted from: C:\t01txmnse-readme.txt
- Family: sodinokibi
- URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CD0A183B50D548BE
  http://decoder.re/CD0A183B50D548BE
Targets
Score: 10/10
- Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry