sodinokibi | 2024-06-13_b226a06e8e66949936b2cc3c61279ac1_revil | Triage

Sharing

General

Target

2024-06-13_b226a06e8e66949936b2cc3c61279ac1_revil
Size

179KB
MD5

b226a06e8e66949936b2cc3c61279ac1
SHA1

be554cde9bade94409cc7d1715bcbf6bac06ec88
SHA256

8cc4fe3a7f4e976cc1c56a152602c5c053e8f9faf0b5ed17160af6237c782e80
SHA512

805f636c6b22d29a801f53c2ce3177e1c13284c9c5190c608e2a11c4c5c1e3228f69c96406a7ab0ca6a8808f8b571bb953dd50659a4e74c9610a6af7f7187533
SSDEEP

3072:1CmB1vuTljjCAj+jrAprhFmyvEjQDKaUznxQaQFIl4i:HBlICIjhFjED39vlF

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_b226a06e8e66949936b2cc3c61279ac1_revil

Files

2024-06-13_b226a06e8e66949936b2cc3c61279ac1_revil
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kgor
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ