General
- Target: 510c4c7283b3637947781b8a568c23de1896601813aad52062e319dbd9877329
- Size: 120KB
- Sample: 210319-j3hxrta6aa
- MD5: 657c649437f3a74dfb90b5fe767d326f
- SHA1: 341ad6a639fb7ea6d3fcfaf976cd78619bf0c35d
- SHA256: 510c4c7283b3637947781b8a568c23de1896601813aad52062e319dbd9877329
- SHA512: 2a096d7dcd3f212d32d6122952d56691c0a4be6f02a5a2818218b7e0da4abefebffa2c7f93a56c7e74463f5b743d0e6eaebfb93a8238770f37f2ce43826e9d74
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 510c4c7283b3637947781b8a568c23de1896601813aad52062e319dbd9877329.exe
  - Resource: win7v20201028

Behavioral task
- behavioral2
  - Sample: 510c4c7283b3637947781b8a568c23de1896601813aad52062e319dbd9877329.exe
  - Resource: win10v20201028
Malware Config
- Extracted from: C:\1z2t5cq47x-readme.txt
- Family: sodinokibi
- URLs listed in the ransom note:
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AD20B48AAA252385
  - http://decoder.re/AD20B48AAA252385
Targets
- Target: 510c4c7283b3637947781b8a568c23de1896601813aad52062e319dbd9877329
- Score: 10/10

Signatures
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry