General

Target: fc60327dd121edebeac149012a66191b38ec0427697c4fb86d4218f6e023fc93
Size: 125KB
Sample: 220124-az78lsghb6
MD5: 997717946529844208dace3d0b1ed237
SHA1: a9845dacc58b6e542bd4972395da06d096246f79
SHA256: fc60327dd121edebeac149012a66191b38ec0427697c4fb86d4218f6e023fc93
SHA512: 25b10392315106a234c1d8881200724576acba6d6beb7684dceb2aeeae749d2a55c210988ce93195a2e96904f1e13fc23ac77fd4f750cc375a792aad4d61124a
Static task: static1

Behavioral task: behavioral1
Sample: fc60327dd121edebeac149012a66191b38ec0427697c4fb86d4218f6e023fc93.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: fc60327dd121edebeac149012a66191b38ec0427697c4fb86d4218f6e023fc93.exe
Resource: win10-en-20211208
Malware Config

Extracted from: C:\k3fzcjjz0-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/30D5E548A0E9A7A4
http://decryptor.cc/30D5E548A0E9A7A4

Extracted from: C:\mmxbnkn41p-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/82DED475B74B65A1
http://decryptor.cc/82DED475B74B65A1
Targets

Target: fc60327dd121edebeac149012a66191b38ec0427697c4fb86d4218f6e023fc93
Size: 125KB
MD5: 997717946529844208dace3d0b1ed237
SHA1: a9845dacc58b6e542bd4972395da06d096246f79
SHA256: fc60327dd121edebeac149012a66191b38ec0427697c4fb86d4218f6e023fc93
SHA512: 25b10392315106a234c1d8881200724576acba6d6beb7684dceb2aeeae749d2a55c210988ce93195a2e96904f1e13fc23ac77fd4f750cc375a792aad4d61124a
Score: 10/10

Signatures

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry
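The two "Extracted" entries above and the "Modifies extensions of user files" signature are the parts of this report an analyst typically turns into indicators. The script below is an added example, not part of the sandbox report and not code from the malware: it parses the two ransom-note paths and their URLs (copied from the report), derives an IOC set, and scans a constructed directory listing for files carrying the implied extension. It assumes the REvil naming convention that the note is called "<ext>-readme.txt", where <ext> is the extension appended to encrypted files; the report does not state that, and the directory listing is invented for the demonstration.

```python
import re
from urllib.parse import urlparse

# Ransom-note paths and the URLs the sandbox extracted from them, copied from
# the "Malware Config" block of this report.
EXTRACTED = [
    {
        "note": r"C:\k3fzcjjz0-readme.txt",
        "urls": [
            "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/30D5E548A0E9A7A4",
            "http://decryptor.cc/30D5E548A0E9A7A4",
        ],
    },
    {
        "note": r"C:\mmxbnkn41p-readme.txt",
        "urls": [
            "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/82DED475B74B65A1",
            "http://decryptor.cc/82DED475B74B65A1",
        ],
    },
]

# Assumption (REvil convention, not stated in the report): the note is named
# "<ext>-readme.txt", where <ext> is the extension appended to encrypted files.
NOTE_NAME_RE = re.compile(r"([0-9a-z]+)-readme\.txt$", re.IGNORECASE)
# v3 onion hostnames are 56 base32 characters followed by ".onion".
ONION_V3_RE = re.compile(r"^[a-z2-7]{56}\.onion$")
# The path component of both URLs is a 16-hex-digit victim/key identifier.
KEY_ID_RE = re.compile(r"^/([0-9A-F]{16})$")


def note_extension(note_path):
    """Return the file extension implied by a ransom-note path, or None."""
    m = NOTE_NAME_RE.search(note_path.rsplit("\\", 1)[-1])
    return m.group(1).lower() if m else None


def parse_url(url):
    """Split a decryptor URL into (host, key_id); key_id is None when the
    path is not a 16-hex-digit identifier."""
    u = urlparse(url)
    m = KEY_ID_RE.match(u.path)
    return u.hostname, (m.group(1) if m else None)


def build_iocs(extracted):
    """Flatten extracted note configs into an IOC set plus sanity flags."""
    extensions, hosts, onion_hosts, key_ids = [], set(), set(), []
    per_note_consistent = True
    for entry in extracted:
        ext = note_extension(entry["note"])
        if ext:
            extensions.append(ext)
        ids_this_note = set()
        for url in entry["urls"]:
            host, key_id = parse_url(url)
            hosts.add(host)
            if ONION_V3_RE.match(host):
                onion_hosts.add(host)
            if key_id:
                ids_this_note.add(key_id)
        # Both URLs in one note should carry the same identifier; a mismatch
        # usually means a parsing error rather than a second victim ID.
        if len(ids_this_note) != 1:
            per_note_consistent = False
        key_ids.extend(sorted(ids_this_note))
    return {
        "extensions": extensions,
        "hosts": sorted(hosts),
        "onion_hosts": sorted(onion_hosts),
        "key_ids": key_ids,
        # One onion host shared by both runs: the same panel, different keys.
        "single_onion_host": len(onion_hosts) == 1,
        "per_note_consistent": per_note_consistent,
    }


def find_encrypted_files(paths, extensions):
    """Return paths whose final extension is one of the ransomware extensions
    (the "Modifies extensions of user files" behaviour)."""
    wanted = {e.lower() for e in extensions}
    hits = []
    for p in paths:
        name = p.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in wanted:
            hits.append(p)
    return hits


# Constructed directory listing for the demonstration (not from the report).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.k3fzcjjz0",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.K3FZCJJZ0",
    r"C:\k3fzcjjz0-readme.txt",
    r"D:\share\report.docx.mmxbnkn41p",
]

if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED)
    for key, value in iocs.items():
        print(f"{key}: {value}")
    print("encrypted:", find_encrypted_files(SAMPLE_LISTING, iocs["extensions"]))
```

The two key IDs differ because each behavioral task (win7 and win10) ran the sample in a fresh VM and generated its own victim identifier, while the onion host is the same in both; the sanity flags make that relationship explicit so a per-run ID is not mistaken for a second campaign.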