shinolocker | ShinoLocker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ShinoLocker.exe
Size

190KB
MD5

0e68b9240c8e67b909c5d8f16d1c0449
SHA1

d8f6b1b3e1b89845978f86757b2a12039bf42577
SHA256

cd629711b9104791489a3b277bd844e805572387ba28f558b1ad802591af67c9
SHA512

b8b25737260d456ce9c5f3fd3f5c6ebd9529ba4ab7714ff5bd2f97989e70cce34eda8e8c802dfaa9b52ef42d9141cb58c4a2e7a16872e5eb9c4e9beaa18ef6ea
SSDEEP

3072:w6w9+FrD19ZQb5e+L0ldPrY7zE551QGWiE55k:bubJ

Score

10^/10

shinolocker

Malware Config

Extracted

Family

shinolocker

C2

https://shinolocker.com/

Attributes

command
vssadmin delete shadows /all /quiet
extension
.shino
extensions
bmp jpg jpeg png wmv avi mov mp4 mp3 wav ppt pptx doc docx xls xlsx docx
registry_key
Software\ShinoLocker
useragent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Signatures

Shinolocker family
shinolocker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ShinoLocker.exe

Files

ShinoLocker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ