sodinokibi | 2024-12-18_663069fe32ab671af55a5f79693aa937_revil_sodinokibi

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-18_663069fe32ab671af55a5f79693aa937_revil_sodinokibi
Size

143KB
MD5

663069fe32ab671af55a5f79693aa937
SHA1

6dc5ba588eff210e790b81112c3614c8eb072f46
SHA256

626d8502352b9f4566cc6ed640b4dd22654e7f8ff8f8bd36b4c7b251f1e862ef
SHA512

74a46ae851d114398eb22abead0eaceace82b734d71a6b7a52c6b4db3c8e1843997275725177c1d77f2bc4cdce43549132fb30b6f51bc9cecd0b39e0d0b756c3
SSDEEP

3072:G3JTzbiW8jLbi4eTMlwDCnu/pGB96W/y1cL:GZn2WYbnWJ/0B9wcL

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Sodinokibi/Revil sample 1 IoCs

resource	yara_rule
sample	family_sodinokobi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-18_663069fe32ab671af55a5f79693aa937_revil_sodinokibi

Files

2024-12-18_663069fe32ab671af55a5f79693aa937_revil_sodinokibi
.exe windows:5 windows x86 arch:x86

4c84d10323272583b9286a1186a7fe5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
ReleaseDC
DrawTextW
SystemParametersInfoW
GetDC
GetForegroundWindow
FillRect
GetKeyboardLayoutList

ntdll

RtlGetLastWin32Error
RtlInitUnicodeString
_snwprintf
NtClose
NtOpenFile
RtlTimeToTimeFields
RtlFreeHeap

winhttp

WinHttpSendRequest
WinHttpSetOption
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpCrackUrl

kernel32

PostQueuedCompletionStatus
CreateToolhelp32Snapshot
OpenMutexW
HeapDestroy
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
LocalFree
GetFileAttributesExW
DeleteFileW
SystemTimeToFileTime
HeapCreate
CreateFileW
CreateIoCompletionPort
GetCurrentProcess
TerminateProcess
InitializeCriticalSection
CreateFileMappingW
MapViewOfFile
CompareFileTime
LeaveCriticalSection
GetFileSize
DeleteCriticalSection
OpenProcess
GlobalFree
CreateThread
WaitForSingleObject
LocalAlloc
Wow64RevertWow64FsRedirection
VirtualAlloc
Wow64DisableWow64FsRedirection
GetCommandLineW
GetModuleFileNameW
GetSystemInfo
GetQueuedCompletionStatus
SetFileAttributesW
WriteFile
Process32NextW
MulDiv
GetFileSizeEx
MoveFileW
MultiByteToWideChar
ReadFile
UnmapViewOfFile
GetComputerNameW
GetCurrentProcessId
FindNextFileW
GetTempPathW
GetProcessHeap
SetErrorMode
EnterCriticalSection
HeapAlloc
FindFirstFileW
SetFilePointerEx
GetSystemDefaultUILanguage
ExitProcess
GlobalAlloc
GetDriveTypeW
GetNativeSystemInfo
FindClose
CloseHandle
ReleaseMutex
Sleep
GetProcAddress
Process32FirstW
WideCharToMultiByte
GetVolumeInformationW
CreateMutexW
GetSystemDirectoryW
GetFileAttributesW
GetWindowsDirectoryW

advapi32

RegQueryValueExW
ImpersonateLoggedOnUser
CryptAcquireContextW
AllocateAndInitializeSid
IsValidSid
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
GetUserNameW
OpenProcessToken
RevertToSelf
GetTokenInformation
FreeSid
CryptGenRandom
CheckTokenMembership
RegCloseKey

ole32

CreateStreamOnHGlobal

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

shlwapi

SHDeleteKeyW
PathFindExtensionW
SHDeleteValueW

gdi32

GetObjectW
SetBkMode
GetDeviceCaps
GetStockObject
DeleteDC
GetDIBits
SelectObject
CreateCompatibleBitmap
SetBkColor
DeleteObject
SetTextColor
CreateCompatibleDC
SetPixel
CreateFontW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

winmm

timeBeginPeriod
timeGetTime

shell32

CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s7bz
Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c84d10323272583b9286a1186a7fe5a

Headers

DLL Characteristics

File Characteristics

Imports

user32

ntdll

winhttp

kernel32

advapi32

ole32

mpr

shlwapi

gdi32

crypt32

winmm

shell32

Sections

.text Size: 41KB - Virtual size: 44KB

.rdata Size: 62KB - Virtual size: 64KB

.data Size: 5KB - Virtual size: 8KB

.s7bz Size: 26KB - Virtual size: 52KB

.reloc Size: 1KB - Virtual size: 4KB

.SCY Size: 6KB - Virtual size: 8KB

.text
Size: 41KB - Virtual size: 44KB

.rdata
Size: 62KB - Virtual size: 64KB

.data
Size: 5KB - Virtual size: 8KB

.s7bz
Size: 26KB - Virtual size: 52KB

.reloc
Size: 1KB - Virtual size: 4KB

.SCY
Size: 6KB - Virtual size: 8KB