sodinokibi | 240725-ltj5da1gqn_pw_infected[.]zip | Triage

Sharing

General

Target

240725-ltj5da1gqn_pw_infected.zip
Size

86KB
MD5

513bd8d5cf5016106675f2efa77d0d40
SHA1

fd89b68b6fc227c19637e6c03768c4148b7b73c6
SHA256

7478bc084c6aec4c5e09b1c0c52fc80786fc204e5aabaca92425291af1d141c2
SHA512

05e53ac731c1959acf515a8eccd14ddc3087896dadb02d009a0e6395c9b7eacb15fedf771b5a5d39135f48e2e3f5fac69e4f20c3ab082944dd9ee81ec05b87f5
SSDEEP

1536:Wq0HSwcqk6Tq6jvG1dMEfkRaReDOzW9KQQwUBV9yawtQWaigeFHXOcp3HNPpwlOI:WnFHTqIWackRa5W9ZQV/wtQWai3tBoMI

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2024-07-25_72d9db37db04e51f61fc7b3424a009d2_revil_wapomi

Files

240725-ltj5da1gqn_pw_infected.zip
.zip

Password: infected
2024-07-25_72d9db37db04e51f61fc7b3424a009d2_revil_wapomi
.exe windows:5 windows x86 arch:x86

7ecacfc6f1d64067e0047425ad885408

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
SetErrorMode

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k797i
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�`�uA
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE