Static task
static1
Behavioral task
behavioral1
Sample
a26e215a307069487644e70164a0cd8d69b40b0c.exe
Resource
win10-en-20211208
Errors
General
-
Target
a26e215a307069487644e70164a0cd8d69b40b0c.rl.zip
-
Size
85KB
-
MD5
ecc19d19d6917bfc910071227792dd35
-
SHA1
b4f5bc9713fd1f7076c06973830d45edf142a98f
-
SHA256
2ee68560ea19925f91153c44e1ffacc2c982162fd00f330a0e40647099911b3b
-
SHA512
06a77573da21391e6cc93ab6fc6ea825989e213dcfee106e7fe043f07b9d5bc14b3ef52f2614ab8aa1eb7e244098f15cd77999c102257f16f896daa8d39fd9d0
-
SSDEEP
1536:kRL5ZPLz3eUZ4yig7ooU+h9YAi+8Nb/Io+LkbH8VWok6IfJ:2lZvOfX6Uc9Yl+kbHy5xIfJ
Malware Config
Signatures
-
Sodinokibi family
-
Sodinokibi/Revil sample 1 IoCs
Processes:
resource yara_rule static1/unpack001/a26e215a307069487644e70164a0cd8d69b40b0c.rl family_sodinokobi
Files
-
a26e215a307069487644e70164a0cd8d69b40b0c.rl.zip.zip
Password: infected
-
a26e215a307069487644e70164a0cd8d69b40b0c.rl.exe windows x86
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.grrr Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ