General
- Target: 040818b1b3c9b1bf8245f5bcb4eebbbc
- Size: 813KB
- Sample: 210505-dex397jrke
- MD5: 040818b1b3c9b1bf8245f5bcb4eebbbc
- SHA1: c0f569fc22cb5dd8e02e44f85168b4b72a6669c3
- SHA256: 0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402
- SHA512: bf4dcfb3c7cac05776560e751414a8babfa25fb8703768d0264133d4964f841055cfcab9f30d9854e422642855b4452b9fbf431889cb70a37ecbca7564f638c1
Static task: static1
Behavioral task: behavioral1
- Sample: 040818b1b3c9b1bf8245f5bcb4eebbbc.dll
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 040818b1b3c9b1bf8245f5bcb4eebbbc.dll
- Resource: win10v20210410
Malware Config
- Extracted from: C:\13j4xcaq2r-readme.txt
- Family: sodinokibi
- URLs:
  http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9654F9AF342C5545
  http://decoder.re/9654F9AF342C5545
Targets
- Target: 040818b1b3c9b1bf8245f5bcb4eebbbc
- Size: 813KB
- MD5: 040818b1b3c9b1bf8245f5bcb4eebbbc
- SHA1: c0f569fc22cb5dd8e02e44f85168b4b72a6669c3
- SHA256: 0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402
- SHA512: bf4dcfb3c7cac05776560e751414a8babfa25fb8703768d0264133d4964f841055cfcab9f30d9854e422642855b4452b9fbf431889cb70a37ecbca7564f638c1
- Score: 10/10
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry