sodinokibi | 221122-va3xtaea21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

221122-va3xtaea21
Size

136KB
MD5

94d087166651c0020a9e6cc2fdacdc0c
SHA1

99be22569ba9b1e49d3fd36f65faa6795672fcc0
SHA256

9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd
SHA512

0f5a413e57e4cedf0a8df3b33cda3c2c0732ded58c367633e8677bf88786eb786b85c97420fda150fecb68db74dc00f77064c3ea77d00f53904413c9ea3a93ba
SSDEEP

1536:xxd+ReKXU/MQaL7k0B/L7s+Zi+GrZxtQpfyHvtICS4A4UdZls8XzUXiWr4X5F4GC:xtchTojrZxtMhiiZHjUyWr4X5FTDU

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
221122-va3xtaea21

Files

221122-va3xtaea21
.exe windows:5 windows x86 arch:x86

f3d46e2f8717ced6d4b220e65d6ad18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiW
Sleep
VerSetConditionMask
VerifyVersionInfoW
lstrcmpA
SetThreadPriority

user32

MessageBoxW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ