General
Target: 711ea342f393ba9f505e5d72ff1299d12fd3bb420106ae96221b5121ac64eb87
Size: 118KB
Sample: 210319-a24cjcdr3a
MD5: e332da214c04a1eb20214777c63989c3
SHA1: 6f1b7cb70feb12b3d76f349f13b7ee18283c089b
SHA256: 711ea342f393ba9f505e5d72ff1299d12fd3bb420106ae96221b5121ac64eb87
SHA512: 8244d8314c634371d3dca8b2f30b5a61dcafe4a3f9e9faba0e233a5373307836fec77337d4c1d943cf567bd6a1ac2efa5156b5ac7dd06eadaa56f0d436b7ceaf
Static task: static1
Behavioral task: behavioral1
  Sample: 711ea342f393ba9f505e5d72ff1299d12fd3bb420106ae96221b5121ac64eb87.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 711ea342f393ba9f505e5d72ff1299d12fd3bb420106ae96221b5121ac64eb87.exe
  Resource: win10v20201028
Malware Config
Extracted: C:\09if7d-readme.txt
  Family: sodinokibi
  URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/29E08461823960C6
  http://decoder.re/29E08461823960C6
Extracted: C:\f590d0t212-readme.txt
  Family: sodinokibi
  URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/1BCD9ED43B973EB5
  http://decoder.re/1BCD9ED43B973EB5
Targets
Target: 711ea342f393ba9f505e5d72ff1299d12fd3bb420106ae96221b5121ac64eb87
Size: 118KB
MD5: e332da214c04a1eb20214777c63989c3
SHA1: 6f1b7cb70feb12b3d76f349f13b7ee18283c089b
SHA256: 711ea342f393ba9f505e5d72ff1299d12fd3bb420106ae96221b5121ac64eb87
SHA512: 8244d8314c634371d3dca8b2f30b5a61dcafe4a3f9e9faba0e233a5373307836fec77337d4c1d943cf567bd6a1ac2efa5156b5ac7dd06eadaa56f0d436b7ceaf
Score: 10/10
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry