Behavioral task
behavioral1
Sample
2024-10-07_1f60c8eb7d075318852a75c2f4b70c0a_revil_sodinokibi.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-07_1f60c8eb7d075318852a75c2f4b70c0a_revil_sodinokibi.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-07_1f60c8eb7d075318852a75c2f4b70c0a_revil_sodinokibi
-
Size
130KB
-
MD5
1f60c8eb7d075318852a75c2f4b70c0a
-
SHA1
7ad5963fd67f91e186b8eb55ac5735069bc2d6a6
-
SHA256
6c0d4827848bf38f427cac60023e337fe39e2271b43f890275c4ccd6b66278d8
-
SHA512
8e29a1a6f361090540545d8322a62b4ebcfb0bbaa2bc474a30c597ba6b08a90becc0450a1d67f350943a0b5c989b004bc845592ac5f3c44f22135d17d46cdb3a
-
SSDEEP
3072:rIHI9eo42XLbi4eTMlwDCnut9N742J936+j:aIwv0bnWJtH7nJ56S
Malware Config
Signatures
-
Sodinokibi family
-
Sodinokibi/Revil sample 1 IoCs
resource yara_rule sample family_sodinokobi -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-10-07_1f60c8eb7d075318852a75c2f4b70c0a_revil_sodinokibi
Files
-
2024-10-07_1f60c8eb7d075318852a75c2f4b70c0a_revil_sodinokibi.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 39KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.eiv Size: 22KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ