General
Target: b8a3da8c60459974767732321a29b91dfea59ab5ad993caf832f2bb2484b5c96
Size: 107KB
Sample: 220211-mg376aebdj
MD5: 40c01e02dd940c2b3ca1466799da68fd
SHA1: daa2b8467edff06bf3f8cc926534bc088049a092
SHA256: b8a3da8c60459974767732321a29b91dfea59ab5ad993caf832f2bb2484b5c96
SHA512: 831b89e00addfbd4e78d90e61ae6874ad6fbe4482099dbd894c4f23236edf72b5d0c86dec72a4f592f84b60e3d3f0797c1f1ae86aaa78d62a5d96ab6070ab2c5
Static task: static1
Behavioral task: behavioral1
  Sample: b8a3da8c60459974767732321a29b91dfea59ab5ad993caf832f2bb2484b5c96.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: b8a3da8c60459974767732321a29b91dfea59ab5ad993caf832f2bb2484b5c96.exe
  Resource: win10v2004-en-20220112
Malware Config
Extracted
  Path: C:\Users\Admin\Desktop\4agrfsh5tx7-HOW-TO-DECRYPT.txt
  Family: sodinokibi
  URLs:
    http://wwylgcvegp33t2ytnsqa6klroq3kz643q5ceinkqb7x6232g3guit2id.onion
    http://decryptor.top/913AED0B5FE1497D
Targets
Target: b8a3da8c60459974767732321a29b91dfea59ab5ad993caf832f2bb2484b5c96
Score: 10/10
Family: Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry