sodinokibi | 2023-05-13_38bb6d3370e91deee960c8aeb6b0a50e_revil | Triage

Sharing

General

Target

2023-05-13_38bb6d3370e91deee960c8aeb6b0a50e_revil
Size

122KB
MD5

38bb6d3370e91deee960c8aeb6b0a50e
SHA1

ba9e23c4f6e7435e90e92ffef836386053c04ca3
SHA256

8ece3ce00a84b7365b96487f215cbbea379a8df57ed7c23a2add8758858fba6e
SHA512

532b5f6d68b2526250d1c307cf265b84985ce4c4bc4b00a3c6c05edb051bcc6fa06b64c987de1279746a2c5d91c951aa6c4820546cf2985a1e6d608c0a011b22
SSDEEP

1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6UdSJOfTo4QVvA3T2+g:hMhQNDEtb3AirfTz0vAVR/6

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-13_38bb6d3370e91deee960c8aeb6b0a50e_revil

Files

2023-05-13_38bb6d3370e91deee960c8aeb6b0a50e_revil
.exe windows x86

f3d46e2f8717ced6d4b220e65d6ad18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiW
Sleep
VerSetConditionMask
VerifyVersionInfoW
lstrcmpA
SetThreadPriority

user32

MessageBoxW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v0rmpw
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ