sodinokibi | 230514-jg4l5sdd8y_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

230514-jg4l5sdd8y_pw_infected.zip
Size

80KB
MD5

d0bea299416b02296f5f3c3942da6de2
SHA1

c148a850dfadf21470847aae833e001561f55143
SHA256

fd421c8ccd3dbe2f19c1d10571a93d13bb872cebbac6fb97fce1de6942367d06
SHA512

429a96c6d4704f6a59c6212fa558f2e6bdd118ee8d2816f80fa1d0b10dfd062dd2fe4958e2855131c20b1a7eae3ca012d45ca28d66111d3bbacc0d42740df0da
SSDEEP

1536:6kmPiLIJNFrE2W93P2X7hbMj+3G5z4xt93A6Ol7/Jf7CJlDrIEU2p6:zmmMrEx21gjpd4j93I/JDWDo2w

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2023-05-13_c5baecf50164376ef048646969d080d4_revil

Files

230514-jg4l5sdd8y_pw_infected.zip
.zip

Password: infected
2023-05-13_c5baecf50164376ef048646969d080d4_revil
.exe windows x86

f3d46e2f8717ced6d4b220e65d6ad18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiW
Sleep
VerSetConditionMask
VerifyVersionInfoW
lstrcmpA
SetThreadPriority

user32

MessageBoxW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v0rmpw
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ