sodinokibi | 2023-08-22_ff1f6956f07e700a86b5986b63ea12db_revil_JC[.]exe | Triage

Sharing

General

Target

2023-08-22_ff1f6956f07e700a86b5986b63ea12db_revil_JC.exe
Size

126KB
MD5

ff1f6956f07e700a86b5986b63ea12db
SHA1

a8d88813f2691cf71e8d6790e473593644c913ed
SHA256

3e6fbc358e0204cb67a41b05771fac74f1b49737c7ab7138e415c7e9628ef545
SHA512

04f4d29f37079ef04e2b1be812d20d89dca82e4fffff28047de435425a18573cc3edfd5b148e0aded71d652583785e82585c708e0fc38b5dbda61962cbb1f927
SSDEEP

1536:YxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6QdZls8XzUXiWr4X5Fg:YMhQNDEtb3A2ZHjUyWr4X5FTDUA

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-22_ff1f6956f07e700a86b5986b63ea12db_revil_JC.exe

Files

2023-08-22_ff1f6956f07e700a86b5986b63ea12db_revil_JC.exe
.exe windows x86

f3d46e2f8717ced6d4b220e65d6ad18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiW
Sleep
VerSetConditionMask
VerifyVersionInfoW
lstrcmpA
SetThreadPriority

user32

MessageBoxW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ