General
Target | 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
Filesize | 1MB
Completed | 24-01-2022 02:17
Task | static1
Score | 10/10

MD5 | bed6fc04aeb785815744706239a1f243
SHA1 | 3d0649b5f76dbbff9f86b926afbd18ae028946bf
SHA256 | 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
SHA512 | 1ed873577545dc52ffe3516b10848a0474c7f30dbaeed95c67b9b5a690acf4045c05114231dc4350e60219dea00a7e2be4cedc81a9e8655de59831ac09f53100
Malware Config
Extracted
Family | sodinokibi
Botnet | 1
Campaign | 4
C2 | domain3.com domain2.com domain1.com
Attributes |
  net | false
  pid | 1
  prc | mysql.exe
  ransom_oneliner | Image text
  ransom_template |
ransom_template Hello dear friend!
Your files are encrypted, and, as result you can't use it. You must visit our page to get instructions about decryption process.
All encrypted files have got {EXT} extension.
Instructions into the TOR network
-----------------------------
Install TOR browser from https://torproject.org/
Visit the following link: http://z2lnrdtp2u4tl7agvqfgnxr7jxu36egfhft3w6zklaq2fl5be7yt4gad.onion/{UID}
Instructions into WWW (The following link can not be in work state, if true, use TOR above):
-----------------------------
Visit the following link: http://domain2.com/{UID}
Page will ask you for the key, here it is:
{KEY}
  sub | 4
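The extracted block above is a flat dump of the sample's configuration, and the C2 list, the `prc` kill list and the ransom note's two links are the pieces a responder actually hunts on. The script below is an added example, not code from the sandbox or from the sample: it parses the config rows as the report prints them (the config text and ransom template are copied from the report; the `{EXT}`/`{UID}`/`{KEY}` values used for rendering are made up), pulls the onion and clearnet note hosts, cross-checks that the note's WWW fallback host is one of the configured C2 domains (REvil reuses a `dmn` entry there, so a host outside that list deserves a second look), renders the note the way the victim would see it, and names the hash algorithm of each digest from its length.

```python
"""Normalise a Sodinokibi/REvil config as printed by the sandbox report into
hunting-ready IOCs and render the ransom-note template.

Added example: not code from the sandbox or from the sample. CONFIG_TEXT and
RANSOM_TEMPLATE are copied from the report; the placeholder values passed to
render_note() in __main__ are made up.
"""
import re
from urllib.parse import urlparse

# Constructed copy of the report's "Extracted" block as key | value rows.
CONFIG_TEXT = """\
Family | sodinokibi
Botnet | 1
Campaign | 4
C2 | domain3.com domain2.com domain1.com
net | false
pid | 1
prc | mysql.exe
ransom_oneliner | Image text
sub | 4
"""

# Constructed copy of the ransom_template attribute, text left verbatim.
RANSOM_TEMPLATE = """\
Hello dear friend!
Your files are encrypted, and, as result you can't use it. You must visit our page to get instructions about decryption process.
All encrypted files have got {EXT} extension.
Instructions into the TOR network
-----------------------------
Install TOR browser from https://torproject.org/
Visit the following link: http://z2lnrdtp2u4tl7agvqfgnxr7jxu36egfhft3w6zklaq2fl5be7yt4gad.onion/{UID}
Instructions into WWW (The following link can not be in work state, if true, use TOR above):
-----------------------------
Visit the following link: http://domain2.com/{UID}
Page will ask you for the key, here it is:
{KEY}
"""

MULTI_VALUED = {"C2", "prc"}  # whitespace-separated lists in the report


def parse_config(text):
    """Turn 'key | value' rows into a dict; list-valued keys become lists."""
    cfg = {}
    for line in text.splitlines():
        if "|" not in line:
            continue
        key, _, value = line.partition("|")
        key, value = key.strip(), value.strip()
        cfg[key] = value.split() if key in MULTI_VALUED else value
    return cfg


URL_RE = re.compile(r"https?://[^\s<>\"]+")


def urls_in(template):
    return URL_RE.findall(template)


def onion_urls(template):
    """v3 onion hosts are exactly 56 base32 chars; anything else is not a valid hidden service."""
    return [u for u in urls_in(template)
            if re.fullmatch(r"[a-z2-7]{56}\.onion", urlparse(u).hostname or "")]


def clearnet_hosts(template, ignore=("torproject.org",)):
    """Non-onion hosts referenced by the note, minus known-benign ones (the Tor download site)."""
    hosts = []
    for u in urls_in(template):
        h = urlparse(u).hostname or ""
        if not h.endswith(".onion") and h not in ignore and h not in hosts:
            hosts.append(h)
    return hosts


def iocs(cfg, template):
    """Network IOCs: the config's C2 list, any clearnet note host missing from it, onion URLs,
    and the processes the sample kills before encrypting (prc)."""
    domains = list(cfg.get("C2", []))
    extra = [h for h in clearnet_hosts(template) if h not in domains]
    return {
        "domains": domains + extra,
        "note_hosts_outside_c2": extra,  # non-empty means the note points somewhere the config does not
        "onion_urls": onion_urls(template),
        "kill_processes": cfg.get("prc", []),
    }


def render_note(template, ext, uid, key):
    """Fill the {EXT}/{UID}/{KEY} placeholders. str.replace rather than str.format:
    the note is attacker-controlled text and may contain stray braces."""
    return (template.replace("{EXT}", ext)
                    .replace("{UID}", uid)
                    .replace("{KEY}", key))


DIGEST_BY_HEX_LEN = {32: "MD5", 40: "SHA1", 64: "SHA256", 128: "SHA512"}


def digest_algorithm(hexdigest):
    """Name the hash family from the digest's hex length."""
    if not re.fullmatch(r"[0-9a-fA-F]+", hexdigest):
        raise ValueError("not a hex digest")
    return DIGEST_BY_HEX_LEN.get(len(hexdigest), "unknown")


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(iocs(cfg, RANSOM_TEMPLATE))
    # Placeholder values below are made up for illustration.
    print(render_note(RANSOM_TEMPLATE, "k3r9x", "ABCD1234", "<key>"))
```

The `note_hosts_outside_c2` field is the check worth keeping in a triage pipeline: for this sample it is empty because `domain2.com` appears in both the C2 list and the note, which is the expected REvil pattern.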
Signatures (2)

Sodinokibi family
Tags | Sodinokibi/Revil sample
Reported IOCs
resource | yara_rule
sample | family_sodinokobi

Files
3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45