General

Target: e8c724785ff0233911a56176652a8b4090ea8c99118fd2cc95409cab745747bb
Size: 131KB
Sample: 220124-a5b3csghem
MD5: eaf6a7625df801454ba48b03f7e6e4b2
SHA1: b7bd42c523f6694c2a8bbdbfc524051a8d7d4a2a
SHA256: e8c724785ff0233911a56176652a8b4090ea8c99118fd2cc95409cab745747bb
SHA512: 3d20318d1b1753eb7c3cf802cdd2b172c6a55df6d18e1a63b24ca2cadcce2507c353b397f663099ea4c9ca508579e383051ac5698fab1e08e97969606ba9465c
Static task: static1

Behavioral task: behavioral1
Sample: e8c724785ff0233911a56176652a8b4090ea8c99118fd2cc95409cab745747bb.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: e8c724785ff0233911a56176652a8b4090ea8c99118fd2cc95409cab745747bb.exe
Resource: win10-en-20211208
Malware Config

Extracted
Path: C:\7eaw1-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/EA8638C927019099
- http://decryptor.top/EA8638C927019099

Extracted
Path: C:\41522ik48-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0A89F898DE2F9BB8
- http://decryptor.top/0A89F898DE2F9BB8
Targets

Target: e8c724785ff0233911a56176652a8b4090ea8c99118fd2cc95409cab745747bb
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry