General
Target: 0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402.bin.sample.gz
Size: 813KB
Sample: 210503-bwd2ph7bm6
MD5: 550f626ea9094614575185fc5ffcd81a
SHA1: 5e018e2f837190b314cdebb6086506f16cb9921b
SHA256: 1ceacfcbe6bb9817283c94680f3f07e86def7940a0e5deb764e07d67c879b137
SHA512: b4f21c46f97108ef0c98978751d9708443a9df26c59d6dae6c157f4094e914b2115a9e369638edbb5be332fa071d343d4f3e7d7332a0bcdd9296eec7a015a893
(The hashes in this section are of the submitted .gz wrapper. The file name carries the SHA256 of the inner sample, whose own hashes are listed under Targets; use those, not the wrapper's, as indicators.)
Static task: static1
Behavioral task: behavioral1
  Sample: sample.dll
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: sample.dll
  Resource: win10v20210408
Malware Config
Extracted from: C:\069d2-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A8C5CA18C6C64F7F
http://decoder.re/A8C5CA18C6C64F7F
(Both URLs end in the same 16-character hex victim ID, A8C5CA18C6C64F7F; the .onion host is a v3 address and decoder.re is the clearnet mirror of the same payment page.)
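The extracted config is only useful if the two URLs really describe one victim and the report's hashes are internally consistent. The following Python is an added example, not sandbox output or code from the analysis platform: it validates the URL shapes, checks that both carry the same victim ID, cross-checks the wrapper file name against the inner sample's SHA256, and infers the encrypted-file extension from the note name. The extension inference rests on REvil's "<ext>-readme.txt" note naming and is labelled as an inference; the regex patterns are this example's own assumptions about the URL format.

```python
import re
from typing import Dict, List, Optional

# Values copied from the report: note path and URLs from the extracted config,
# the wrapper file name from General, the inner sample's SHA256 from Targets.
NOTE_PATH = "C:\\069d2-readme.txt"
CONFIG_URLS = [
    "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A8C5CA18C6C64F7F",
    "http://decoder.re/A8C5CA18C6C64F7F",
]
WRAPPER_NAME = "0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402.bin.sample.gz"
INNER_SHA256 = "0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402"

# Assumed URL shapes: a v3 onion host is 56 base32 characters, and the path is
# the 16-hex-digit victim ID; the clearnet mirror uses the same ID.
ONION_V3 = re.compile(r"^https?://([a-z2-7]{56})\.onion/([0-9A-Fa-f]{16})$")
CLEARNET = re.compile(r"^https?://(decoder\.re)/([0-9A-Fa-f]{16})$")
# Inference: REvil/Sodinokibi names its note "<appended extension>-readme.txt".
NOTE_NAME = re.compile(r"(?:^|\\)([0-9a-z]{4,10})-readme\.txt$", re.I)


def parse_config(note_path: str, urls: List[str]) -> Dict[str, Optional[str]]:
    """Validate the URLs, require a single victim ID, and derive the extension."""
    ids = set()
    onion_host: Optional[str] = None
    clearnet_host: Optional[str] = None
    for u in urls:
        m = ONION_V3.match(u)
        if m:
            onion_host, vid = m.groups()
            ids.add(vid.upper())
            continue
        m = CLEARNET.match(u)
        if m:
            clearnet_host, vid = m.groups()
            ids.add(vid.upper())
            continue
        raise ValueError(f"unexpected URL in config: {u}")
    if len(ids) != 1:
        raise ValueError(f"URLs disagree on victim ID: {sorted(ids)}")
    if onion_host is None:
        raise ValueError("no .onion payment URL in config")
    m = NOTE_NAME.search(note_path)
    return {
        "victim_id": ids.pop(),
        "onion_host": onion_host,
        "clearnet_host": clearnet_host,
        "extension": ("." + m.group(1).lower()) if m else None,
    }


def wrapper_matches_inner(wrapper_name: str, inner_sha256: str) -> bool:
    """The sandbox names the gzipped submission after the inner sample's SHA256;
    confirm the two values in the report agree before quoting either as an IOC."""
    stem = wrapper_name.split(".", 1)[0].lower()
    return len(stem) == 64 and stem == inner_sha256.lower()


if __name__ == "__main__":
    print(parse_config(NOTE_PATH, CONFIG_URLS))
    print("wrapper name matches inner SHA256:",
          wrapper_matches_inner(WRAPPER_NAME, INNER_SHA256))
```

Run it as-is to print the parsed config; feed `parse_config` a note path and URL list from another report to check that the same victim ID appears in every URL, which is the quickest sign that an extractor pulled a complete configuration rather than stray strings.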
Targets
Target: sample
Size: 813KB
MD5: 040818b1b3c9b1bf8245f5bcb4eebbbc
SHA1: c0f569fc22cb5dd8e02e44f85168b4b72a6669c3
SHA256: 0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402
SHA512: bf4dcfb3c7cac05776560e751414a8babfa25fb8703768d0264133d4964f841055cfcab9f30d9854e422642855b4452b9fbf431889cb70a37ecbca7564f638c1
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
Signatures:
- Blocklisted process makes network request
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
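The signatures above name behaviours without showing how to recognise them in telemetry. The following Python is an added example, not sandbox code: it turns three of them (mass extension change, enumeration of non-C: drive roots, ransom note drop) into checks over a file-system event stream. The event log is constructed for the example, the paths and timestamps are invented, and the ".069d2" extension is an inference from the note name in the extracted config, not something the report states.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed event log (not sandbox output). Each entry is one file-system
# operation: directory listing, rename, or file creation.
EVENTS = [
    {"ts": 1.00, "op": "list",   "path": "C:\\"},
    {"ts": 1.05, "op": "list",   "path": "D:\\"},
    {"ts": 1.06, "op": "list",   "path": "E:\\"},
    {"ts": 2.00, "op": "rename", "src": "D:\\docs\\q1.xlsx",   "dst": "D:\\docs\\q1.xlsx.069d2"},
    {"ts": 2.01, "op": "rename", "src": "D:\\docs\\q2.xlsx",   "dst": "D:\\docs\\q2.xlsx.069d2"},
    {"ts": 2.02, "op": "rename", "src": "D:\\docs\\plan.docx", "dst": "D:\\docs\\plan.docx.069d2"},
    {"ts": 2.03, "op": "rename", "src": "D:\\photos\\a.jpg",   "dst": "D:\\photos\\a.jpg.069d2"},
    {"ts": 2.04, "op": "rename", "src": "D:\\photos\\b.jpg",   "dst": "D:\\photos\\b.jpg.069d2"},
    {"ts": 2.40, "op": "create", "path": "D:\\docs\\069d2-readme.txt"},
    # benign rename: extension swapped, not appended, so it must not count
    {"ts": 9.00, "op": "rename", "src": "C:\\tmp\\build.tmp",  "dst": "C:\\tmp\\build.log"},
]

DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Extension appended by a rename (src -> src + '.' + ext), else None.
    A plain swap of the existing extension (x.tmp -> x.log) does not qualify."""
    if dst.startswith(src + ".") and "." not in dst[len(src) + 1:]:
        return dst[len(src) + 1:]
    return None


def extension_bursts(events: List[Dict], window: float = 5.0,
                     threshold: int = 5) -> Dict[str, int]:
    """Extensions appended to at least `threshold` files within `window` seconds.
    One unfamiliar extension appended to many files in a burst is the signal."""
    times = defaultdict(list)
    for e in events:
        if e["op"] != "rename":
            continue
        ext = appended_extension(e["src"], e["dst"])
        if ext:
            times[ext].append(e["ts"])
    hits = {}
    for ext, ts in times.items():
        ts.sort()
        best = max(sum(1 for t in ts if t0 <= t <= t0 + window) for t0 in ts)
        if best >= threshold:
            hits[ext] = best
    return hits


def other_drive_roots(events: List[Dict]) -> List[str]:
    """Drive roots other than C: whose root directory was enumerated."""
    roots = set()
    for e in events:
        if e["op"] == "list":
            m = DRIVE_ROOT.match(e["path"])
            if m and m.group(1).upper() != "C":
                roots.add(m.group(1).upper() + ":")
    return sorted(roots)


def ransom_notes(events: List[Dict], ext: str) -> List[str]:
    """Created files following the '<ext>-readme.txt' naming for a given extension."""
    name = f"{ext}-readme.txt".lower()
    return [e["path"] for e in events
            if e["op"] == "create" and e["path"].lower().endswith("\\" + name)]


def triage(events: List[Dict]) -> Dict:
    """Combine the three checks into one verdict for the event stream."""
    bursts = extension_bursts(events)
    drives = other_drive_roots(events)
    return {
        "extensions": bursts,
        "other_drives": drives,
        "notes": {ext: ransom_notes(events, ext) for ext in bursts},
        "verdict": "ransomware-like" if bursts and drives else "inconclusive",
    }


if __name__ == "__main__":
    print(triage(EVENTS))
```

The threshold and window are tuning knobs: a backup agent or archiver can also append one extension to many files, so in production the burst check is combined with the note drop and the drive enumeration rather than used alone, which is why `triage` only returns "ransomware-like" when more than one signal is present.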