shinolocker | ShinoLocker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ShinoLocker.exe
Size

190KB
MD5

d8cb551935c0e3ef5307ff6c613aa671
SHA1

e9d7117da917779b79e746cdabe0fb04c135a583
SHA256

66e8e3965bfd7cd1f8328d4032cc1897a537435ba1855f9e5b84b35d430c367f
SHA512

a43e91c142f042f60198d8a43bad45efd6ed16fb837b431556d5e6aed7be2882a7ce09389731b4aa9893a5c1a596620d1edce0b292b82d3931139933839f5828
SSDEEP

3072:a6w9+FrD19ZQb5F9BJQLdPrY7zE551QGWiE55k:1ub/

Score

10^/10

shinolocker

Malware Config

Extracted

Family

shinolocker

C2

https://shinolocker.com/

Attributes

command
vssadmin delete shadows /all /quiet
extension
.shino
extensions
bmp jpg jpeg png wmv avi mov mp4 mp3 wav ppt pptx doc docx xls xlsx docx exe
registry_key
Software\ShinoLocker
useragent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Signatures

Shinolocker family
shinolocker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ShinoLocker.exe

Files

ShinoLocker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ