3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45

General

Target 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
Size 1MB
Sample 220124-cqvx2aaccp
Score 10/10
MD5 bed6fc04aeb785815744706239a1f243
SHA1 3d0649b5f76dbbff9f86b926afbd18ae028946bf
SHA256 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
SHA512 1ed873577545dc52ffe3516b10848a0474c7f30dbaeed95c67b9b5a690acf4045c05114231dc4350e60219dea00a7e2be4cedc81a9e8655de59831ac09f53100

Malware Config

Extracted

Family sodinokibi
Botnet 1
Campaign 4
C2
  • domain3.com
  • domain2.com
  • domain1.com

Attributes
net false
pid 1
prc mysql.exe
ransom_oneliner Image text
ransom_template Hello dear friend! Your files are encrypted, and, as result you can't use it. You must visit our page to get instructions about decryption process. All encrypted files have got {EXT} extension. Instructions into the TOR network ----------------------------- Install TOR browser from https://torproject.org/ Visit the following link: http://z2lnrdtp2u4tl7agvqfgnxr7jxu36egfhft3w6zklaq2fl5be7yt4gad.onion/{UID} Instructions into WWW (The following link can not be in work state, if true, use TOR above): ----------------------------- Visit the following link: http://domain2.com/{UID} Page will ask you for the key, here it is: {KEY}
sub 4
Targets

Target 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
MD5 bed6fc04aeb785815744706239a1f243
Filesize 1MB
Score 9/10
SHA1 3d0649b5f76dbbff9f86b926afbd18ae028946bf
SHA256 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
SHA512 1ed873577545dc52ffe3516b10848a0474c7f30dbaeed95c67b9b5a690acf4045c05114231dc4350e60219dea00a7e2be4cedc81a9e8655de59831ac09f53100

Tags

Signatures

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    Tags

    TTPs

    File Deletion
    Inhibit System Recovery

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry
    Peripheral Device Discovery
    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1 10/10
behavioral1 9/10
behavioral2 9/10