sodinokibi | 2024-07-05_b302a6056d8a841eba908d6ad1ca9224_revil | Triage

Sharing

General

Target

2024-07-05_b302a6056d8a841eba908d6ad1ca9224_revil
Size

118KB
MD5

b302a6056d8a841eba908d6ad1ca9224
SHA1

004848c35ab4049b28956b0ef26ea1b75feb8618
SHA256

4f07bdca105c11debdf2da89f79c02d55c1396ec622a7a164719ad5c54b75bb0
SHA512

062cc9f8e18022c801e65b19de9ba8019cde85ca1b2b32818b5c757a5dab518acf9066f65527ba2859562c1f8fb1e1c9b2a105de116bb2461b5d9fe3b8a0d14a
SSDEEP

1536:6xryLRras2vlBmcJW6Xi5wBwBpaKj2dICS4ARo3xuDuZU6mKjmY0zLShEIAo:+dBVJW0BwjX/o+iUzKSER7

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-05_b302a6056d8a841eba908d6ad1ca9224_revil

Files

2024-07-05_b302a6056d8a841eba908d6ad1ca9224_revil
.exe windows:5 windows x86 arch:x86

023da91a090ec3af1347acc06423b2e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetThreadPriority
SetPriorityClass
lstrlenW
SetErrorMode
VerSetConditionMask
CloseHandle
GetExitCodeProcess
VerifyVersionInfoW
lstrcmpA

user32

MessageBoxW

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ku82yo
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ