General
Target: 2024-06-11_4d5d9411e1b8ca44b771f13e2de2219b_revil_sodinokibi
Size: 382KB
Sample: 240611-qm8xdayeqq
MD5: 4d5d9411e1b8ca44b771f13e2de2219b
SHA1: 903d2cd37ede4563ed81d256e9ee6068ec70a63a
SHA256: fcc12388b7ae16efd8157df3fe8fd56ffaf913845ff1d603af7f1ef3b2e09627
SHA512: 725f64b0d2b8e4284a3422ff3a66aef1084cdfa4572ec79ec3cb300fc8f51113fda57bd8425ea699bea8fe01b88b7bf4801f04550050eae0502a18ce553c1bf7
SSDEEP: 6144:Txabm6ij2JyQHHwIJOFYhs+gZ8XybnWJ/gIF+lmLrvGW4:NWJyQHHwIJOqhILkYIOovGW4
Behavioral task: behavioral1
Sample: 2024-06-11_4d5d9411e1b8ca44b771f13e2de2219b_revil_sodinokibi.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-06-11_4d5d9411e1b8ca44b771f13e2de2219b_revil_sodinokibi.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
- Detect Neshta payload
- Neshta: malware from the Neshta family infects other executable files in order to spread itself and cause damage.
- Sodin, Sodinokibi, REvil: ransomware with advanced anti-analysis and privilege escalation functionality.
- Sodinokibi/REvil sample
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Modifies system executable filetype association