Behavioral task: behavioral1
Sample: 2024-12-15_686945e626afdb5f30dc6a0161ab0c1b_revil_sodinokibi.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 2024-12-15_686945e626afdb5f30dc6a0161ab0c1b_revil_sodinokibi.exe
Resource: win10v2004-20241007-en

General
Target: 2024-12-15_686945e626afdb5f30dc6a0161ab0c1b_revil_sodinokibi
Size: 164KB
MD5: 686945e626afdb5f30dc6a0161ab0c1b
SHA1: 55beb291f76b079aadff99fd285b281a588e30c1
SHA256: 1c0cd574f77a7ca07c1cd2e1bcc70b93f19ba0afc7ea9c74f6eb3ca4ae8f54d6
SHA512: 3e3cc3d74035cb3d4524a837280b48c19359209377a2d29e79aa90bc8dfa1e2214b7b19b117786f0e11bd0921c1643d53458c8b60f416c0ffe50693b82a5461d
SSDEEP: 3072:H+JFMqF70W2pLbi4eTMlwDCnu/lGB96W/y:smqN0W4bnWJ/gB9

Malware Config

Signatures

Sodinokibi family

Sodinokibi/Revil sample
  1 IoCs
  resource: sample
  yara_rule: family_sodinokobi

Unsigned PE
  1 IoCs
  Checks for missing Authenticode signature.
  resource: 2024-12-15_686945e626afdb5f30dc6a0161ab0c1b_revil_sodinokibi

Files

2024-12-15_686945e626afdb5f30dc6a0161ab0c1b_revil_sodinokibi.exe windows:5 windows x86 arch:x86

Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE

Sections
  .text Size: 41KB - Virtual size: 44KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata Size: 62KB - Virtual size: 64KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data Size: 5KB - Virtual size: 8KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .s7bz Size: 26KB - Virtual size: 52KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .reloc Size: 1KB - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ