sodinokibi | 2024-01-24_f89c4e63b3ad5dcc550ca20afb4e8be3_revil_sodinokibi

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_f89c4e63b3ad5dcc550ca20afb4e8be3_revil_sodinokibi
Size

139KB
MD5

f89c4e63b3ad5dcc550ca20afb4e8be3
SHA1

63379dd5a69d289df9f52affcf9c0dfe100800fa
SHA256

0f58625addd69f66282924298d843f12f7c2dc2e4d6571952830b880c08cdfee
SHA512

438c307f53e14c75c43b998f066367ec7ccec3511422bb11c2695941c1aee89cc0fc5a46a975fd96b62d082e8547f04df0e6222c450b7cedea9633cabce8523f
SSDEEP

3072:wi8Iy8EytSLbi4eTMlwDCnuZgDZIxnWOcCU:B8IUykbnWJZgDMWOcCU

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Sodinokibi/Revil sample 1 IoCs

resource	yara_rule
sample	family_sodinokobi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-24_f89c4e63b3ad5dcc550ca20afb4e8be3_revil_sodinokibi

Files

2024-01-24_f89c4e63b3ad5dcc550ca20afb4e8be3_revil_sodinokibi
.exe windows:5 windows x86 arch:x86

c73696d7d99c7e1ec02681926f68fc8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
IsValidSid
RegSetValueExW
AllocateAndInitializeSid
CryptAcquireContextW
RevertToSelf
RegQueryValueExW
GetUserNameW
FreeSid
ImpersonateLoggedOnUser
RegCreateKeyExW
RegOpenKeyExW
CryptGenRandom
GetTokenInformation
CheckTokenMembership
RegCloseKey

kernel32

FindNextFileW
GetFileSize
GetCurrentProcessId
GetQueuedCompletionStatus
GlobalAlloc
GlobalFree
GetSystemInfo
GetProcAddress
ReleaseMutex
UnmapViewOfFile
InitializeCriticalSection
ReadFile
LeaveCriticalSection
GetFileSizeEx
ExitProcess
GetComputerNameW
CreateThread
DeleteFileW
CreateFileW
MulDiv
LocalAlloc
DeleteCriticalSection
WriteFile
GetProcessHeap
GetDriveTypeW
GetModuleFileNameW
OpenMutexW
HeapDestroy
CloseHandle
CreateIoCompletionPort
GetNativeSystemInfo
Sleep
SetFilePointerEx
GetFileAttributesExW
FindFirstFileW
CreateMutexW
PostQueuedCompletionStatus
MoveFileW
OpenProcess
EnterCriticalSection
FindClose
HeapAlloc
CreateFileMappingW
GetVolumeInformationW
HeapCreate
CompareFileTime
MapViewOfFile
GetCurrentProcess
Process32NextW
WideCharToMultiByte
MultiByteToWideChar
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryW
SystemTimeToFileTime
TerminateProcess
CreateToolhelp32Snapshot
GetSystemDirectoryW
Process32FirstW
WaitForSingleObject
GetDiskFreeSpaceExW
GetTempPathW
VirtualAlloc

user32

FillRect
ReleaseDC
SystemParametersInfoW
wsprintfW
GetKeyboardLayoutList
GetForegroundWindow
GetDC
DrawTextW

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpOpenRequest

gdi32

CreateFontW
DeleteObject
SetTextColor
GetStockObject
SetPixel
SetBkColor
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
SetBkMode
GetObjectW
GetDIBits
GetDeviceCaps
DeleteDC

shell32

ShellExecuteExW

ntdll

_snwprintf
RtlInitUnicodeString
NtQueryInformationFile
NtOpenFile
RtlFreeHeap
RtlTimeToTimeFields
RtlGetLastWin32Error
NtClose

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

shlwapi

SHDeleteKeyW
PathFindExtensionW
SHDeleteValueW

ole32

CreateStreamOnHGlobal

winmm

timeBeginPeriod
timeGetTime

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grrr
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c73696d7d99c7e1ec02681926f68fc8d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

winhttp

gdi32

shell32

ntdll

mpr

shlwapi

ole32

winmm

crypt32

Sections

.text Size: 38KB - Virtual size: 40KB

.rdata Size: 62KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 8KB

.grrr Size: 25KB - Virtual size: 52KB

.reloc Size: 1KB - Virtual size: 4KB

.SCY Size: 6KB - Virtual size: 8KB

.text
Size: 38KB - Virtual size: 40KB

.rdata
Size: 62KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 8KB

.grrr
Size: 25KB - Virtual size: 52KB

.reloc
Size: 1KB - Virtual size: 4KB

.SCY
Size: 6KB - Virtual size: 8KB