sodinokibi | 2024-07-25_3d17a6951aa9901375b5e9554b76c1d0_revil_wapomi | Triage

Sharing

General

Target

2024-07-25_3d17a6951aa9901375b5e9554b76c1d0_revil_wapomi
Size

152KB
MD5

3d17a6951aa9901375b5e9554b76c1d0
SHA1

df1af8b22004c0668f2d0dde3d05ad6d5da3b0b2
SHA256

9a93ebdf53267d5d064df0fbfa5951a2ea2d503fd89e837e8600ecab8d7950ec
SHA512

98e5fad58c49bed4fc4c505d4f48d9fd33ae9b620ae3be28e5d0da7944c64e5f2b8da17e1154f08b9d9083fd39aa27350b63ce93a8213d8a9b2be9089075ddac
SSDEEP

3072:ctchTojrZxtMhiiZHjUyWr4X5FTDUfGCH:c8kjztGiiBfW8X7DUO

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-07-25_3d17a6951aa9901375b5e9554b76c1d0_revil_wapomi

Files

2024-07-25_3d17a6951aa9901375b5e9554b76c1d0_revil_wapomi
.exe windows:5 windows x86 arch:x86

f3d46e2f8717ced6d4b220e65d6ad18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiW
Sleep
VerSetConditionMask
VerifyVersionInfoW
lstrcmpA
SetThreadPriority

user32

MessageBoxW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Sections

Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

%(Z��u,
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE