General

Target: 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
Filesize: 1MB
Completed: 24-01-2022 02:17
Task: static1
Score: 10/10

MD5: bed6fc04aeb785815744706239a1f243
SHA1: 3d0649b5f76dbbff9f86b926afbd18ae028946bf
SHA256: 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
SHA512: 1ed873577545dc52ffe3516b10848a0474c7f30dbaeed95c67b9b5a690acf4045c05114231dc4350e60219dea00a7e2be4cedc81a9e8655de59831ac09f53100

Malware Config

Extracted

Family: sodinokibi
Botnet: 1
Campaign: 4
C2:
  domain3.com
  domain2.com
  domain1.com

Attributes
  net: false
  pid: 1
  prc: mysql.exe
  ransom_oneliner: Image text
  ransom_template: Hello dear friend! Your files are encrypted, and, as result you can't use it. You must visit our page to get instructions about decryption process. All encrypted files have got {EXT} extension. Instructions into the TOR network ----------------------------- Install TOR browser from https://torproject.org/ Visit the following link: http://z2lnrdtp2u4tl7agvqfgnxr7jxu36egfhft3w6zklaq2fl5be7yt4gad.onion/{UID} Instructions into WWW (The following link can not be in work state, if true, use TOR above): ----------------------------- Visit the following link: http://domain2.com/{UID} Page will ask you for the key, here it is: {KEY}
  sub: 4
Signatures (2)


  • Sodinokibi family

  • Sodinokibi/Revil sample

    Reported IOCs
      resource: yara_rule
      sample: family_sodinokobi

Files

  • 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
    Extensions: .exe
    Tags: windows, x86