General
Target: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11
Size: 116KB
Sample: 210319-w6g11wc13j
MD5: c647b2da83ef8e1a790d1e0e25898780
SHA1: 02871c02e581ad345f1c438b6c8c730cf2d2f534
SHA256: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11
SHA512: f169ebc4ffbb3d0cf8f526e0cde89706b4521086ccb0f7653cd881b595aae2727891e8ea3eb6bace263d704b0ef9a0151094c03b7c1800cb5d4e54eaaf3453e7
Static task: static1

Behavioral task: behavioral1
Sample: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11.exe
Resource: win10v20201028
Malware Config
Extracted: C:\i1vr96my-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EE5D9956A4CCE8B7
http://decoder.re/EE5D9956A4CCE8B7
Targets
Target: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11
Size: 116KB
MD5: c647b2da83ef8e1a790d1e0e25898780
SHA1: 02871c02e581ad345f1c438b6c8c730cf2d2f534
SHA256: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11
SHA512: f169ebc4ffbb3d0cf8f526e0cde89706b4521086ccb0f7653cd881b595aae2727891e8ea3eb6bace263d704b0ef9a0151094c03b7c1800cb5d4e54eaaf3453e7
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Adds Run key to start application

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry