General
Target: 68ca9793d2249248669a6e637ebd25ab3d6accda4da0727112496fa1c5bc8af9
Size: 119KB
Sample: 210319-yyejrhc43a
MD5: 4f58e4373dd886d6da4268349437e890
SHA1: f3b8809bcc84051f1993b7d3f087a5dbf799e913
SHA256: 68ca9793d2249248669a6e637ebd25ab3d6accda4da0727112496fa1c5bc8af9
SHA512: 4e88e24bdefc2e21cf86a7fb12ebb744cb04c8e43c997438c176126c651d1a3aa254e3b47156cbc8f6f8fb8e69be6613b1d07411ad0cb5f37aa1a296bb8f6533
Static task: static1
Behavioral task: behavioral1 (sample 68ca9793d2249248669a6e637ebd25ab3d6accda4da0727112496fa1c5bc8af9.dll, resource win7v20201028)
Behavioral task: behavioral2 (sample 68ca9793d2249248669a6e637ebd25ab3d6accda4da0727112496fa1c5bc8af9.dll, resource win10v20201028)
Malware Config
Extracted
Family: sodinokibi
Ransom note path: C:\6dp1ck6tn-readme.txt
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D0F63F820A458B4E
http://decoder.re/D0F63F820A458B4E
Targets
Target: 68ca9793d2249248669a6e637ebd25ab3d6accda4da0727112496fa1c5bc8af9 (119KB; same file and hashes as in General above)
Score: 10/10
- Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege-escalation functionality.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
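As an added worked example (not part of the sandbox report), the script below turns the extracted config into usable indicators and then checks a constructed set of endpoint events against the three behavioural signatures listed above. It assumes, consistent with documented Sodinokibi/REvil behaviour but not stated on this page, that the prefix of the "<prefix>-readme.txt" note name is the extension appended to encrypted files; the event records, their field names and the wallpaper path are constructed for the example, and both URLs are required to carry the same victim ID as a sanity check on the extraction.

```python
"""Added triage helper for the Sodinokibi report above (example code, not
the report's own). Derives indicators from the extracted config and checks
constructed endpoint events against the report's behavioural signatures."""
import re

# Config values copied from the "Malware Config / Extracted" section above.
RANSOM_NOTE_PATH = r"C:\6dp1ck6tn-readme.txt"
CONFIG_URLS = [
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D0F63F820A458B4E",
    "http://decoder.re/D0F63F820A458B4E",
]

# Assumption (known Sodinokibi behaviour, not stated on this page): the
# "<prefix>-readme.txt" prefix is the extension appended to encrypted files.
NOTE_RE = re.compile(r"^(?P<ext>[0-9a-z]+)-readme\.txt$", re.IGNORECASE)
# Both config URLs end in the same hex path segment (the victim-specific ID).
URL_RE = re.compile(r"^https?://[^/]+/(?P<victim_id>[0-9A-Fa-f]{8,})$")
DRIVE_ROOT_RE = re.compile(r"^(?P<letter>[A-Za-z]):\\$")


def basename(win_path):
    """Last component of a Windows path."""
    return win_path.replace("/", "\\").rsplit("\\", 1)[-1]


def extension_from_note(note_path):
    m = NOTE_RE.match(basename(note_path))
    return m.group("ext").lower() if m else None


def victim_id_from_urls(urls):
    """Victim ID shared by every URL, or None if they disagree or don't parse."""
    ids = set()
    for url in urls:
        m = URL_RE.match(url)
        if not m:
            return None
        ids.add(m.group("victim_id").upper())
    return ids.pop() if len(ids) == 1 else None


def parse_config(note_path, urls):
    ext = extension_from_note(note_path)
    vid = victim_id_from_urls(urls)
    if ext is None or vid is None:
        raise ValueError("config does not look like a consistent Sodinokibi extraction")
    return {"extension": ext, "note_name": basename(note_path), "victim_id": vid}


# Constructed endpoint events in a Sysmon-like shape (not from the report).
SAMPLE_EVENTS = [
    {"type": "file_rename", "dst": r"C:\Users\alice\Documents\budget.xlsx.6dp1ck6tn"},
    {"type": "file_create", "path": r"C:\Users\alice\Documents\6dp1ck6tn-readme.txt"},
    {"type": "file_query", "path": "C:\\"},
    {"type": "file_query", "path": "D:\\"},
    {"type": "file_query", "path": "E:\\"},
    {"type": "reg_set", "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper",
     "data": r"C:\Users\alice\AppData\Local\Temp\wallpaper.bmp"},
    {"type": "file_create", "path": r"C:\Users\alice\notes.txt"},
]


def renamed_user_files(events, ext):
    """Rename targets that gained the sample's encryption extension."""
    suffix = "." + ext.lower()
    return [e["dst"] for e in events
            if e["type"] == "file_rename" and e["dst"].lower().endswith(suffix)]


def dropped_notes(events, note_name):
    return [e["path"] for e in events
            if e["type"] == "file_create" and basename(e["path"]).lower() == note_name.lower()]


def enumerated_drives(events):
    """Drive letters other than C: whose root path was queried."""
    letters = set()
    for e in events:
        if e["type"] != "file_query":
            continue
        m = DRIVE_ROOT_RE.match(e["path"])
        if m and m.group("letter").upper() != "C":
            letters.add(m.group("letter").upper())
    return sorted(letters)


def wallpaper_changes(events):
    """Values written to HKCU\\Control Panel\\Desktop\\Wallpaper."""
    return [e["data"] for e in events
            if e["type"] == "reg_set"
            and e["key"].lower().endswith(r"\control panel\desktop")
            and e["value"].lower() == "wallpaper"]


def triage(events, config):
    """Map each signature name from the report to whether the events show it."""
    return {
        "Modifies extensions of user files": bool(renamed_user_files(events, config["extension"])),
        "Enumerates connected drives": bool(enumerated_drives(events)),
        "Sets desktop wallpaper using registry": bool(wallpaper_changes(events)),
    }


if __name__ == "__main__":
    cfg = parse_config(RANSOM_NOTE_PATH, CONFIG_URLS)
    print(cfg)
    print(triage(SAMPLE_EVENTS, cfg))
```

Feed real Sysmon or EDR events into triage() after mapping them to the same field names; the victim-ID consistency check in parse_config() is there because a mismatch between the two URLs usually means the config extractor picked up a stale or partial blob.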