sodinokibi | 2023-05-11_be059dd5f3442f498bde97f69265ccbd_revil_sodinokibi

Sharing

Copy URL

Twitter E-mail

Reason

config extraction: CfgExtr crashed: 'sodinokibi' runtime error: slice bounds out of range [8:7]

General

Target

2023-05-11_be059dd5f3442f498bde97f69265ccbd_revil_sodinokibi
Size

4.5MB
MD5

be059dd5f3442f498bde97f69265ccbd
SHA1

28a8eae3633023961f3bcc3d473b0aa1943676c4
SHA256

93ce973daa9687f185966b3133f7003006655ec9d5bf3edb881efaf0e4fbafc7
SHA512

493de3059a33e9ce8bcf67dfea31af6525764917729aeb7705eec20ab78eae3d216ddc6d9d4bebcbf7fa7748e92aa4efa1f0dbcd4e67c142c8c33a317c7c421d
SSDEEP

49152:8gLzRnMBdi16dZ4gTCZZ8JerhvIBfdsl0:8+z2E6X4g8o

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi
Sodinokibi/Revil sample 1 IoCs

Processes:

resource yara_rule

sample family_sodinokobi

resource	yara_rule
sample	family_sodinokobi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2023-05-11_be059dd5f3442f498bde97f69265ccbd_revil_sodinokibi

Files

2023-05-11_be059dd5f3442f498bde97f69265ccbd_revil_sodinokibi
.exe windows x86

c88f20b29592f2107a629e815db6afae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g6z
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

NAuDAEFW
Size: 24KB - Virtual size: 24KB

oHyNAKgg
Size: 112KB - Virtual size: 112KB

YDzvSJru
Size: 6KB - Virtual size: 5KB

gKecnAle
Size: 362KB - Virtual size: 361KB

PBUpOoEN
Size: 156KB - Virtual size: 156KB

zWkozrxt
Size: 225KB - Virtual size: 224KB

CZksGhss
Size: 17KB - Virtual size: 17KB

yJNWJbLp
Size: 3KB - Virtual size: 2KB

TJmQVaYs
Size: 44KB - Virtual size: 43KB

LGrLzoaF
Size: 91KB - Virtual size: 91KB

rZULpdib
Size: 39KB - Virtual size: 38KB

lBWBZXga
Size: 4KB - Virtual size: 4KB

DiyRKUNF
Size: 74KB - Virtual size: 73KB

mEIwrJXO
Size: 2KB - Virtual size: 2KB

OcesfTUs
Size: 421KB - Virtual size: 420KB

sqakpxyJ
Size: 43KB - Virtual size: 43KB

nabJwsjc
Size: 512B - Virtual size: 433B

qwOQSaYm
Size: 385KB - Virtual size: 385KB

SPEUiAFx
Size: 30KB - Virtual size: 30KB

ZJygBQRQ
Size: 18KB - Virtual size: 18KB

JQZZjodL
Size: 31KB - Virtual size: 31KB

eIrTlOig
Size: 80KB - Virtual size: 79KB

hxuaIiQA
Size: 41KB - Virtual size: 40KB

ksUKhxsh
Size: 45KB - Virtual size: 45KB

swAiQTGR
Size: 44KB - Virtual size: 44KB

TtebPFqa
Size: 28KB - Virtual size: 28KB

xkdafOSU
Size: 29KB - Virtual size: 29KB

PXVXVvBA
Size: 16KB - Virtual size: 16KB

jGAsRwpJ
Size: 512B - Virtual size: 212B

oOByyftI
Size: 6KB - Virtual size: 6KB

lxqdyfqn
Size: 36KB - Virtual size: 35KB

qrpHZRAr
Size: 117KB - Virtual size: 117KB

tjoGEVoA
Size: 61KB - Virtual size: 61KB

iHIaopaN
Size: 40KB - Virtual size: 40KB

UjNFMpkA
Size: 9KB - Virtual size: 9KB

CMXjessh
Size: 32KB - Virtual size: 31KB

ZXGaWfpA
Size: 6KB - Virtual size: 5KB

xIwNnAfb
Size: 55KB - Virtual size: 55KB

jcmeNVPP
Size: 25KB - Virtual size: 24KB

DgfUJzjw
Size: 23KB - Virtual size: 22KB

OdgrNDyU
Size: 31KB - Virtual size: 30KB

TztcpikA
Size: 387KB - Virtual size: 387KB

yYtFYrLO
Size: 44KB - Virtual size: 43KB

nKFKEYrg
Size: 28KB - Virtual size: 28KB

LJpPOdZR
Size: 82KB - Virtual size: 81KB

NKUwOGGW
Size: 34KB - Virtual size: 33KB

hLftHTIG
Size: 13KB - Virtual size: 13KB

uESwkyWg
Size: 34KB - Virtual size: 34KB

kzgrKByB
Size: 253KB - Virtual size: 253KB

sWMmYCwI
Size: 5KB - Virtual size: 4KB

IHhMHqMb
Size: 29KB - Virtual size: 29KB

glgknQsN
Size: 78KB - Virtual size: 78KB

nTDxFjSR
Size: 77KB - Virtual size: 76KB

IqOiclXq
Size: 46KB - Virtual size: 46KB

ikQtAYHf
Size: 32KB - Virtual size: 32KB

HhYCvxWS
Size: 21KB - Virtual size: 21KB

yNPTGype
Size: 10KB - Virtual size: 10KB

jveVdDdp
Size: 73KB - Virtual size: 73KB

RDqTlMbz
Size: 3KB - Virtual size: 2KB

nbUijQFp
Size: 3KB - Virtual size: 3KB

nnvxJxNb
Size: 52KB - Virtual size: 51KB

JfHqgSGz
Size: 512B - Virtual size: 487B

xNHKnjtj
Size: 48KB - Virtual size: 48KB

ORWDHiNv
Size: 69KB - Virtual size: 68KB

cGVsycuI
Size: 93KB - Virtual size: 93KB

yhcfXxal
Size: 34KB - Virtual size: 34KB

rxPwMSLa
Size: 512B - Virtual size: 211B

Sharing

Errors

General

Malware Config

Signatures

Files

c88f20b29592f2107a629e815db6afae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 57KB - Virtual size: 58KB

.g6z Size: 50KB - Virtual size: 50KB

.reloc Size: 1KB - Virtual size: 1KB

NAuDAEFW Size: 24KB - Virtual size: 24KB

oHyNAKgg Size: 112KB - Virtual size: 112KB

YDzvSJru Size: 6KB - Virtual size: 5KB

gKecnAle Size: 362KB - Virtual size: 361KB

PBUpOoEN Size: 156KB - Virtual size: 156KB

zWkozrxt Size: 225KB - Virtual size: 224KB

CZksGhss Size: 17KB - Virtual size: 17KB

yJNWJbLp Size: 3KB - Virtual size: 2KB

TJmQVaYs Size: 44KB - Virtual size: 43KB

LGrLzoaF Size: 91KB - Virtual size: 91KB

rZULpdib Size: 39KB - Virtual size: 38KB

lBWBZXga Size: 4KB - Virtual size: 4KB

DiyRKUNF Size: 74KB - Virtual size: 73KB

mEIwrJXO Size: 2KB - Virtual size: 2KB

OcesfTUs Size: 421KB - Virtual size: 420KB

sqakpxyJ Size: 43KB - Virtual size: 43KB

nabJwsjc Size: 512B - Virtual size: 433B

qwOQSaYm Size: 385KB - Virtual size: 385KB

SPEUiAFx Size: 30KB - Virtual size: 30KB

ZJygBQRQ Size: 18KB - Virtual size: 18KB

JQZZjodL Size: 31KB - Virtual size: 31KB

eIrTlOig Size: 80KB - Virtual size: 79KB

hxuaIiQA Size: 41KB - Virtual size: 40KB

ksUKhxsh Size: 45KB - Virtual size: 45KB

swAiQTGR Size: 44KB - Virtual size: 44KB

TtebPFqa Size: 28KB - Virtual size: 28KB

xkdafOSU Size: 29KB - Virtual size: 29KB

PXVXVvBA Size: 16KB - Virtual size: 16KB

jGAsRwpJ Size: 512B - Virtual size: 212B

oOByyftI Size: 6KB - Virtual size: 6KB

lxqdyfqn Size: 36KB - Virtual size: 35KB

qrpHZRAr Size: 117KB - Virtual size: 117KB

tjoGEVoA Size: 61KB - Virtual size: 61KB

iHIaopaN Size: 40KB - Virtual size: 40KB

UjNFMpkA Size: 9KB - Virtual size: 9KB

CMXjessh Size: 32KB - Virtual size: 31KB

ZXGaWfpA Size: 6KB - Virtual size: 5KB

xIwNnAfb Size: 55KB - Virtual size: 55KB

jcmeNVPP Size: 25KB - Virtual size: 24KB

DgfUJzjw Size: 23KB - Virtual size: 22KB

OdgrNDyU Size: 31KB - Virtual size: 30KB

TztcpikA Size: 387KB - Virtual size: 387KB

yYtFYrLO Size: 44KB - Virtual size: 43KB

nKFKEYrg Size: 28KB - Virtual size: 28KB

LJpPOdZR Size: 82KB - Virtual size: 81KB

NKUwOGGW Size: 34KB - Virtual size: 33KB

hLftHTIG Size: 13KB - Virtual size: 13KB

uESwkyWg Size: 34KB - Virtual size: 34KB

kzgrKByB Size: 253KB - Virtual size: 253KB

sWMmYCwI Size: 5KB - Virtual size: 4KB

IHhMHqMb Size: 29KB - Virtual size: 29KB

glgknQsN Size: 78KB - Virtual size: 78KB

nTDxFjSR Size: 77KB - Virtual size: 76KB

IqOiclXq Size: 46KB - Virtual size: 46KB

ikQtAYHf Size: 32KB - Virtual size: 32KB

HhYCvxWS Size: 21KB - Virtual size: 21KB

yNPTGype Size: 10KB - Virtual size: 10KB

jveVdDdp Size: 73KB - Virtual size: 73KB

RDqTlMbz Size: 3KB - Virtual size: 2KB

nbUijQFp Size: 3KB - Virtual size: 3KB

nnvxJxNb Size: 52KB - Virtual size: 51KB

JfHqgSGz Size: 512B - Virtual size: 487B

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 57KB - Virtual size: 58KB

.g6z
Size: 50KB - Virtual size: 50KB

.reloc
Size: 1KB - Virtual size: 1KB

NAuDAEFW
Size: 24KB - Virtual size: 24KB

oHyNAKgg
Size: 112KB - Virtual size: 112KB

YDzvSJru
Size: 6KB - Virtual size: 5KB

gKecnAle
Size: 362KB - Virtual size: 361KB

PBUpOoEN
Size: 156KB - Virtual size: 156KB

zWkozrxt
Size: 225KB - Virtual size: 224KB

CZksGhss
Size: 17KB - Virtual size: 17KB

yJNWJbLp
Size: 3KB - Virtual size: 2KB

TJmQVaYs
Size: 44KB - Virtual size: 43KB

LGrLzoaF
Size: 91KB - Virtual size: 91KB

rZULpdib
Size: 39KB - Virtual size: 38KB

lBWBZXga
Size: 4KB - Virtual size: 4KB

DiyRKUNF
Size: 74KB - Virtual size: 73KB

mEIwrJXO
Size: 2KB - Virtual size: 2KB

OcesfTUs
Size: 421KB - Virtual size: 420KB

sqakpxyJ
Size: 43KB - Virtual size: 43KB

nabJwsjc
Size: 512B - Virtual size: 433B

qwOQSaYm
Size: 385KB - Virtual size: 385KB

SPEUiAFx
Size: 30KB - Virtual size: 30KB

ZJygBQRQ
Size: 18KB - Virtual size: 18KB

JQZZjodL
Size: 31KB - Virtual size: 31KB

eIrTlOig
Size: 80KB - Virtual size: 79KB

hxuaIiQA
Size: 41KB - Virtual size: 40KB

ksUKhxsh
Size: 45KB - Virtual size: 45KB

swAiQTGR
Size: 44KB - Virtual size: 44KB

TtebPFqa
Size: 28KB - Virtual size: 28KB

xkdafOSU
Size: 29KB - Virtual size: 29KB

PXVXVvBA
Size: 16KB - Virtual size: 16KB

jGAsRwpJ
Size: 512B - Virtual size: 212B

oOByyftI
Size: 6KB - Virtual size: 6KB

lxqdyfqn
Size: 36KB - Virtual size: 35KB

qrpHZRAr
Size: 117KB - Virtual size: 117KB

tjoGEVoA
Size: 61KB - Virtual size: 61KB

iHIaopaN
Size: 40KB - Virtual size: 40KB

UjNFMpkA
Size: 9KB - Virtual size: 9KB

CMXjessh
Size: 32KB - Virtual size: 31KB

ZXGaWfpA
Size: 6KB - Virtual size: 5KB

xIwNnAfb
Size: 55KB - Virtual size: 55KB

jcmeNVPP
Size: 25KB - Virtual size: 24KB

DgfUJzjw
Size: 23KB - Virtual size: 22KB

OdgrNDyU
Size: 31KB - Virtual size: 30KB

TztcpikA
Size: 387KB - Virtual size: 387KB

yYtFYrLO
Size: 44KB - Virtual size: 43KB

nKFKEYrg
Size: 28KB - Virtual size: 28KB

LJpPOdZR
Size: 82KB - Virtual size: 81KB

NKUwOGGW
Size: 34KB - Virtual size: 33KB

hLftHTIG
Size: 13KB - Virtual size: 13KB

uESwkyWg
Size: 34KB - Virtual size: 34KB

kzgrKByB
Size: 253KB - Virtual size: 253KB

sWMmYCwI
Size: 5KB - Virtual size: 4KB

IHhMHqMb
Size: 29KB - Virtual size: 29KB

glgknQsN
Size: 78KB - Virtual size: 78KB

nTDxFjSR
Size: 77KB - Virtual size: 76KB

IqOiclXq
Size: 46KB - Virtual size: 46KB

ikQtAYHf
Size: 32KB - Virtual size: 32KB

HhYCvxWS
Size: 21KB - Virtual size: 21KB

yNPTGype
Size: 10KB - Virtual size: 10KB

jveVdDdp
Size: 73KB - Virtual size: 73KB

RDqTlMbz
Size: 3KB - Virtual size: 2KB

nbUijQFp
Size: 3KB - Virtual size: 3KB

nnvxJxNb
Size: 52KB - Virtual size: 51KB

JfHqgSGz
Size: 512B - Virtual size: 487B

xNHKnjtj
Size: 48KB - Virtual size: 48KB

ORWDHiNv
Size: 69KB - Virtual size: 68KB

cGVsycuI
Size: 93KB - Virtual size: 93KB

yhcfXxal
Size: 34KB - Virtual size: 34KB

rxPwMSLa
Size: 512B - Virtual size: 211B