shinolocker | ShinoLocker[.]exe | Triage

Sharing

General

Target

ShinoLocker.exe
Size

190KB
MD5

e67f48d46ef15875aabadea8593b7d64
SHA1

0bd90f8c891f484b535eac7383a4587f3538916c
SHA256

a640cd0d805305e4fdcc8e9c928c86d2c353c42c7bc2685183c5ccd303f7fa21
SHA512

68a7a72c55afabda1a1df9e86cdb6dc206951a6c57bc018b53011945e74ab946741841f5dab1d9da05210e0b22c4127af3d983942c73d86d787c96ca80b189ed
SSDEEP

3072:O6w9+FrD19ZQb5NdBdPrY7zE551QGWiE55k:pubW

Score

10^/10

shinolocker

Malware Config

Extracted

Family

shinolocker

C2

https://shinolocker.com/

Attributes

command
vssadmin delete shadows /all /quiet
extension
.shino
extensions
bmp jpg jpeg png wmv avi mov mp4 mp3 wav ppt pptx doc docx xls xlsx docx
registry_key
Software\ShinoLocker
useragent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Signatures

Shinolocker family
shinolocker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ShinoLocker.exe

Files

ShinoLocker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ