sodinokibi | 2024-06-13_803c99137b555584f90e85d621cce52f_revil | Triage

Sharing

General

Target

2024-06-13_803c99137b555584f90e85d621cce52f_revil
Size

142KB
MD5

803c99137b555584f90e85d621cce52f
SHA1

23166589fc85b4efe85334668f6bac8104c50d8c
SHA256

e5e8c4f5ca42f898c0c9c73f7ad0c810a2d7523186e718c52a67f97c626f6252
SHA512

cea1f95291dc12a1eee2a6648fb71f842c1020c2a7860657d93bc4109c85ae4fd054aa2adc81e16bfe6f2821776e36d92ef2cfc56d975b84a054b2bf15e7c984
SSDEEP

3072:TJMawtnGqtWoKeZC62aoNUSn6sCDFgfBS:Hw9vteQJYUo6PO

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_803c99137b555584f90e85d621cce52f_revil

Files

2024-06-13_803c99137b555584f90e85d621cce52f_revil
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iyaw
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ