sodinokibi | 2024-04-22_c377c579b7f357683d7f1508d6d53bef_revil | Triage

Sharing

General

Target

2024-04-22_c377c579b7f357683d7f1508d6d53bef_revil
Size

123KB
MD5

c377c579b7f357683d7f1508d6d53bef
SHA1

54a6a96d41334fbfd0840a1682ed1d868fe85918
SHA256

2cbeb3bdec6e2dc672e6cd7c14b01aa15a8443c0f7ce7022963207ef58d7dea1
SHA512

c05654a07568740abd5dc57d0374caf5181cdd7dea9f6cf0ebbbf51e77f031f765a2780ae414c0cfb7783ef311ec5f35eb223953166bc4e3a43c17f50058c5a4
SSDEEP

1536:7DvcP3LThpshwVs5OEbyNcY/p+2ZZICS4AIjnBR561lQVMr3IgmffEbjQFOxV:y4SVh5NcYh8gnBR5uiV1UvQFOxV

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_c377c579b7f357683d7f1508d6d53bef_revil

Files

2024-04-22_c377c579b7f357683d7f1508d6d53bef_revil
.exe windows:5 windows x86 arch:x86

7ecacfc6f1d64067e0047425ad885408

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
SetErrorMode

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k797i
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE