General
-
Target
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
-
Size
1MB
-
Sample
220124-cqvx2aaccp
-
MD5
bed6fc04aeb785815744706239a1f243
-
SHA1
3d0649b5f76dbbff9f86b926afbd18ae028946bf
-
SHA256
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
-
SHA512
1ed873577545dc52ffe3516b10848a0474c7f30dbaeed95c67b9b5a690acf4045c05114231dc4350e60219dea00a7e2be4cedc81a9e8655de59831ac09f53100
Static task
static1
Behavioral task
behavioral1
Sample
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45.exe
Resource
win10-en-20211208
Malware Config
Extracted
sodinokibi
1
4
domain3.com
domain2.com
domain1.com
-
net
false
-
pid
1
-
prc
mysql.exe
-
ransom_oneliner
Image text
-
ransom_template
Hello dear friend! Your files are encrypted, and, as result you can't use it. You must visit our page to get instructions about decryption process. All encrypted files have got {EXT} extension. Instructions into the TOR network ----------------------------- Install TOR browser from https://torproject.org/ Visit the following link: http://z2lnrdtp2u4tl7agvqfgnxr7jxu36egfhft3w6zklaq2fl5be7yt4gad.onion/{UID} Instructions into WWW (The following link can not be in work state, if true, use TOR above): ----------------------------- Visit the following link: http://domain2.com/{UID} Page will ask you for the key, here it is: {KEY}
-
sub
4
Targets
-
-
Target
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
-
Size
1MB
-
MD5
bed6fc04aeb785815744706239a1f243
-
SHA1
3d0649b5f76dbbff9f86b926afbd18ae028946bf
-
SHA256
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
-
SHA512
1ed873577545dc52ffe3516b10848a0474c7f30dbaeed95c67b9b5a690acf4045c05114231dc4350e60219dea00a7e2be4cedc81a9e8655de59831ac09f53100
Score9/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation