General
Target: 2023-05-19_e41395a425a5893dd132acf35c4a5b22_revil
Size: 166KB
Sample: 230520-c94paacg6s
MD5: e41395a425a5893dd132acf35c4a5b22
SHA1: caa591c1738e8dc70816efa988ec2740f680e963
SHA256: 96eab1ef06e3aa876934084636ae1f28c95c14a5badcb69be370825206b4b510
SHA512: b1fa4cc9ca66681ac897bd19a8ce0b1f9733bf1922fdd68888bde133e05b9ae6d872281522686056addf608d4277bb9bd2eae8312ffe5c23d4d6961ef586f4f1
SSDEEP: 3072:1LFrb30BRtBZZg+i2ayy2RjLTuVyu7CJDgoMT3QXRDg+cdN:ZJ0BXScFy2RsQJ8zgBM+cd
Behavioral task: behavioral1
Sample: 2023-05-19_e41395a425a5893dd132acf35c4a5b22_revil.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 2023-05-19_e41395a425a5893dd132acf35c4a5b22_revil.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted:
C:\Recovery\0990v5-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/78237D9A41C8D209
http://decryptor.cc/78237D9A41C8D209
Targets
Target: 2023-05-19_e41395a425a5893dd132acf35c4a5b22_revil
Size: 166KB
MD5: e41395a425a5893dd132acf35c4a5b22
SHA1: caa591c1738e8dc70816efa988ec2740f680e963
SHA256: 96eab1ef06e3aa876934084636ae1f28c95c14a5badcb69be370825206b4b510
SHA512: b1fa4cc9ca66681ac897bd19a8ce0b1f9733bf1922fdd68888bde133e05b9ae6d872281522686056addf608d4277bb9bd2eae8312ffe5c23d4d6961ef586f4f1
SSDEEP: 3072:1LFrb30BRtBZZg+i2ayy2RjLTuVyu7CJDgoMT3QXRDg+cdN:ZJ0BXScFy2RsQJ8zgBM+cd
Score: 10/10

Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.

- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry