sodinokibi | f8e8ce3e33548cac9a3e2ae88920fc0b1a6faa7fd6faa673a42fa37263e1994d | Triage

Sharing

General

Target

f8e8ce3e33548cac9a3e2ae88920fc0b1a6faa7fd6faa673a42fa37263e1994d
Size

64KB
MD5

3d287d73344e71131c328540c367f2d0
SHA1

d4042133b5a802f2b9480ee25ad360b7e661e554
SHA256

f8e8ce3e33548cac9a3e2ae88920fc0b1a6faa7fd6faa673a42fa37263e1994d
SHA512

e2b360f3b64736110e35229bce9f88312f0809e8405542bbb8a2ad31223fb1c4452df16f7e339989da63afb5cdd4f680a0391c1d52253d409200d2691b6358b1
SSDEEP

1536:FYVLroT4ciMeW75jVZF+pWGRjICS4At+GbvF0h:FHixaVZFiOCDh

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi
Sodinokibi/Revil sample 1 IoCs

Processes:

resource yara_rule

sample family_sodinokobi

Files

f8e8ce3e33548cac9a3e2ae88920fc0b1a6faa7fd6faa673a42fa37263e1994d
.exe windows x86

c88f20b29592f2107a629e815db6afae

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g6z
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ