sodinokibi | 8d858f2f38e4c229f36322d21aa043ee513073919ca0101a10d93d0622366c4c

Sharing

Copy URL

Twitter E-mail

Reason

config extraction: sodinokibi: invalid character 'h' looking for beginning of value

General

Target

8d858f2f38e4c229f36322d21aa043ee513073919ca0101a10d93d0622366c4c
Size

373KB
MD5

51ffdcd9823ad0de4b89b17a5a38ae2c
SHA1

635da00ada9864de6f028b31af140384ddaef975
SHA256

8d858f2f38e4c229f36322d21aa043ee513073919ca0101a10d93d0622366c4c
SHA512

ce10894685bd1814a4e7a843b36c2d4bfdebfa93a9472fcc3a7c9b3fce2fa52646a21b5097cdfeb6a81d3a78bd3c031f9ce34b8286f4a1e59220ba7f8e238131
SSDEEP

6144:0hw3tvS2LcLyXv711tGeCgQvGUdmwIXo+M9VQHDQyspAkLKMxtP3YWAw9fI:0s7LDTEeFQvGUNuMXQ8ysHXtPPJ9fI

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi
Sodinokibi/Revil sample 1 IoCs

Processes:

resource yara_rule

sample family_sodinokobi

resource	yara_rule
sample	family_sodinokobi

Files

8d858f2f38e4c229f36322d21aa043ee513073919ca0101a10d93d0622366c4c
.exe windows x86

440aadcb03de11a2e400d1ad76da90d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetTimeZoneInformation
EnumResourceNamesA
GetQueuedCompletionStatus
GetCommMask
LocalAlloc
GetPrivateProfileSectionNamesW
MapUserPhysicalPages
ExitThread
GetFileInformationByHandle
GetNumberFormatA
CallNamedPipeA
DeleteTimerQueue
DisableThreadLibraryCalls
DeleteFileA
GetConsoleTitleA
AddConsoleAliasA
HeapSetInformation
VerSetConditionMask
AddAtomW
GetSystemWindowsDirectoryW
FindNextVolumeW
MoveFileW
WritePrivateProfileSectionA
SetSystemPowerState
VirtualProtect
GetThreadPriorityBoost
GetOEMCP
RemoveVectoredExceptionHandler
GetFileAttributesA
GetModuleFileNameA
FlushFileBuffers
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
GetProcessHeap
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
DecodePointer

gdi32

GetEnhMetaFileHeader
DeleteObject
PatBlt

advapi32

GetFileSecurityW
RegReplaceKeyW

msimg32

TransparentBlt

Exports

Exports

_ExportFuncs@4

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

440aadcb03de11a2e400d1ad76da90d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

msimg32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 92KB - Virtual size: 150KB

.gfids Size: 512B - Virtual size: 284B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 92KB - Virtual size: 150KB

.gfids
Size: 512B - Virtual size: 284B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 4KB