General

  • Target

    JaffaCakes118_54755f7302c57b21afc8506340f26ad12c82cbabcf6b6d47bfd5b0fa64044c49

  • Size

    26.5MB

  • Sample

    241223-whkxmswpht

  • MD5

    320444ddca0d1923290870da2c86ba8a

  • SHA1

    458e34c434e42faf342146e948fb319e75bda660

  • SHA256

    54755f7302c57b21afc8506340f26ad12c82cbabcf6b6d47bfd5b0fa64044c49

  • SHA512

    506b60687ac88de0d79c510b6ad30532dc5c63db862dcb5e1a07207701ea90f1c3acbd06850bd875de84f77e5f140620b3a48a63a584de1dbecb05add1f18c6e

  • SSDEEP

    786432:tC3EDFT/rSSiZbBJha17FApCqZ1S1tygR+zc:tNRT/rS/B/a9iC21URQc

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$12$lTqvWf.cQvh9W5jZkAk9LO0hMLnifWtUFoBJ86Ge.hLZGVClg6xhW

Campaign

7563

Decoy

Attributes

  • net

    true

  • pid

    $2a$12$lTqvWf.cQvh9W5jZkAk9LO0hMLnifWtUFoBJ86Ge.hLZGVClg6xhW

  • prc

    oracle

    excel

    ocomm

    onenote

    mspub

    powerpnt

    synctime

    agntsvc

    dbeng50

    isqlplussvc

    firefox

    mydesktopservice

    steam

    winword

    dbsnmp

    ocautoupds

    thunderbird

    sqbcoreservice

    ocssd

    encsvc

    xfssvccon

    tbirdconfig

    wordpad

    infopath

    visio

    outlook

    msaccess

    sql

    mydesktopqos

    thebat

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ----------------------------------------------------------------------------------------- We will use the data gathered from your systems in future campaigns in 14 days !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!

  • sub

    7563

  • svc

    veeam

    svc$

    memtas

    sophos

    sql

    vss

    backup

    mepocs

Targets

    • Target

      die_win32_portable/Qt5Core.dll

    • Size

      5.1MB

    • MD5

      7d180286e9c071c7bc3a6bc2ace792ac

    • SHA1

      f5947d69aeaacc8a378721f3750b049cc41dddef

    • SHA256

      4f8dc460162407cfccb1be6ef9cce45c4449de838aeffa3fd33378f01a3f9cc4

    • SHA512

      9b30d5dd48e736da770e71622b79da294829621565cfc4d995ca31c8cfbbbe2d577677f4240e0ff2d995deeeb5f894018412596c141e8360dd77bf12596ce167

    • SSDEEP

      49152:q1AH+7g4QrRpvOK8Bbl+Gy+/LZsxRFNHlZTlJsv6tWKFdu9C/cPk4VHEYI9CV4eO:E5gje5lCjzJsv6tWKFdu9CtvDhgwcY

    Score
    3/10
    • Target

      die_win32_portable/Qt5Gui.dll

    • Size

      5.6MB

    • MD5

      5b0f3d5b1b29b5e650375093c7afa243

    • SHA1

      1920cbc98bd46a3a72bcfb45caefcfa2649a92e6

    • SHA256

      80016776efea2b2a838c3ffa4c82e5f146baff68c36073c0c34668809d1c4297

    • SHA512

      9db9a90ab5a1a768e079cf9b10f1da868ac7dae774e90e139ee047c9c8fb43cc5b3e01ae3724ea74efd64409eeeafbcda4f04da3e86265575a3831a4fc69cc8c

    • SSDEEP

      49152:FKUDGaBVW3sDAPNaiCZPcSnt8KQ6oOtA/tiG7WwjrAxLXwQ98vd+hc0WM66fL5cQ:wUKssPdOy/tZWnXThVc5tnB6NDrd

    Score
    3/10
    • Target

      die_win32_portable/Qt5Network.dll

    • Size

      1.0MB

    • MD5

      2e3db1cd1ec59d08706438258e86ea30

    • SHA1

      bc20b1e40049386e6bea3f448a6852bc879a8821

    • SHA256

      37275f3ea79d15a2792bf21f71f1df825f201cf8b33aa1f94ca93d62d76b216c

    • SHA512

      0c0e0e02ccadc3f2b3f6c8cbf2c162fb73734b0b244c80048968a6fe268450a270a3f92b155daf6268fef246d26ad417e6cec224133fd66e6ffb3a5394b04358

    • SSDEEP

      24576:Aul0ktv339DOBVXaIFP698DWk7PVmr0qwjb:A8sJVWAcwnH

    Score
    3/10
    • Target

      die_win32_portable/Qt5OpenGL.dll

    • Size

      264KB

    • MD5

      d6fe9f60aedb9670c68a1f182d73f9db

    • SHA1

      68d30c9318c777d5f1c41727227376ce09cd6ab1

    • SHA256

      0dd88990bbcce8a23020ed9c0b442cf5e46deefb75c0c412d459c7e6c7481bb8

    • SHA512

      1ae7615942493987c4c7a01903ee60b3e34484b9097135ea1f6e9b1534971676cc5673c54de6a3ff47173a9a71090942f42d71327f75361e3ef702c2e554d2ee

    • SSDEEP

      6144:kyzfysU2y35sez4ScaXIivFS2JTnll0iEZA+IWlJl0BVQ7DCK/e84tGmaBkEGbCW:vU2Xe2aXIuo2Jzll0y+y/X3

    Score
    3/10
    • Target

      die_win32_portable/Qt5Script.dll

    • Size

      1.1MB

    • MD5

      93ba31fa3c00eba4c07f2b939f74bef9

    • SHA1

      e412c7e87dc6a322965b0a532e2e18f228c5c482

    • SHA256

      9b3413014a291f6f35cbc683334a59d260991de9268c19a2a90339923395558d

    • SHA512

      9b4631aaeac134b42d475f98382199481b3b369779fe56436a8729a92eef91083928b266736be37fac5924eeaa92d07a1471b615d4d999fd0efce093656beb79

    • SSDEEP

      24576:tL9/bECYWBdRC9NYJSX8Qidz5AtWoLSs0y/lAhdv6ZrYiNJtBKL:cC5iYHH5AtWoLSIO65oL

    Score
    3/10
    • Target

      die_win32_portable/Qt5ScriptTools.dll

    • Size

      445KB

    • MD5

      58080a90d38cbb4cde81c33435cc74e8

    • SHA1

      5d611c684c7f95c0141635a72a07ad8419c6a1fa

    • SHA256

      c8307f7cd7bcfe9fa145b52d7aae5623d0e4eeca5c887d28f902e94a94e2c386

    • SHA512

      7aec19460a2dbf5ed4916505efa66ff26d8e8fd01742bb341bf0cd562db98f476b539919f4f9311cb954add039b92bbc0372fc9c4fc9e74ceaba77543e8f1d2b

    • SSDEEP

      6144:iFhO5sznGo1M5FVtIiFZWsVZomuqgvNkPByPJK6cawH7BeDOrVxa3JiUAcsey1RQ:zm1M57WiFZbZLuqgvNu/a3JHc+nB

    Score
    3/10
    • Target

      die_win32_portable/Qt5Svg.dll

    • Size

      257KB

    • MD5

      ef0d5a2dc1d7a921f2bb0eb3eef2e481

    • SHA1

      cb167ec49221ec5245fd9bff7e7eed6c7cf38d51

    • SHA256

      ade28d4cbac1e033468cb48f380352f0df7fbbce03261c48827b8a5ed7a1548e

    • SHA512

      ecb41cb9bc4a4470f039d02441a0c0e8c596ffd55deb924e516c4c8fc880357d5d2d1ef36e63b1303faa7dac5c921679a0f405c39f6e0b32b3746c972653b789

    • SSDEEP

      6144:71lj55OgW5ODJ+bXhE4o+K08LJw8Rk8bOvR1yGaucmSJyUIEDv8ma4y4GeO43iUM:7bJ+bXK4o+K08ROvR8ucmSun5h

    Score
    3/10
    • Target

      die_win32_portable/Qt5Widgets.dll

    • Size

      4.3MB

    • MD5

      da70580648a398ab1c5336ee9ec631ca

    • SHA1

      fa67a8a2d7f7930a45974dcb7a12e56914bf0a57

    • SHA256

      600285754e7eee7239b9d252dbed5c9d2c9c4c432751b8953dcb2e8b45e0408a

    • SHA512

      83d85df1717a5b1dd5b31f5ab33e73d1442027a719af7fdcd20d578598f436d63e7cf58287cbe34dbee8d5b0464a68dfd471d8ec6a95a3168eb8639864a7adfc

    • SSDEEP

      49152:ypo1FNXS+dh75PMvZZNNt+iIo5uL5Sdbtye6cEu0n:oIPqZZUfwusae6ju0n

    Score
    3/10
    • Target

      die_win32_portable/db/ACE

    • Size

      1KB

    • MD5

      eabf535824e6da23168b476f46c339c2

    • SHA1

      fa86fb1dc0213b4f0e09d226baf259113f8d4fab

    • SHA256

      6280ef69e17a5bf7fbb4555f801213affc7fd32ecd2db18939469a27a7429df8

    • SHA512

      2371d4ceed160ff8e1223e5ada219dda88500b2929cbc6dd50c2d3d2a7468af9d0df2887b83d3b01847d775e635dc0c65c745c54704ef0957ffdcb793db5b256

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/ANI.1.sg

    • Size

      1KB

    • MD5

      4824d2f9586bcca78ad5f7acd54bbe69

    • SHA1

      ffc02c8cbdc0bfe35ab52ff099a50a1cd3338952

    • SHA256

      7ebc2940dca53bb910b3d48700d2be2077d999b797e18db9f1586b2a540cf835

    • SHA512

      c62ba484dfc0131deef60eb6bfd111fe052a31f70f546d869fa2391d239e48789d935eb0bbf499e0916b7f7ed395d25df028256be1a708d3455cf2a8eb2b862f

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/COFF library.1.sg

    • Size

      954B

    • MD5

      67bc3e3985f6cf022d71b17ec2f79083

    • SHA1

      6aa46a309854e5d746d8effceda731ff899a1b5b

    • SHA256

      b636d51986bbf44905f93fd2af56421140b78f709e0972ef27904ef4a7ec6b3a

    • SHA512

      9ce9bbfbc3e8942833b81ac98fb58162bff7cb3705abd7fa91b67a2604f90abcc0a743ae817dfde89d8e4a43709c8c7336f43e7e6e2f93292446cf4d6dc2ba2a

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/CUR.1.sg

    • Size

      1KB

    • MD5

      40b1c3402c044a53a79b5a7c34dd471e

    • SHA1

      15032388a516d35079973bfeac43e7a565e15f83

    • SHA256

      e45b1bb8c02c30335f646338e6896d160b036ee70a1cc90a70364a48a125d57b

    • SHA512

      98dfad658db390297b88135fc5f83607910d81dc1fb17d9c4413a816d6c6c5fee1dd54a97cfb485c22832c4c9203d9f65da7652c7bf7089b6520f1f69e203ff3

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/Cab.1.sg

    • Size

      664B

    • MD5

      ca39c12a726c7d8b0b7c2fac4b9aaae5

    • SHA1

      57660ea49fe2885443c8e5766d84abd320cf72d6

    • SHA256

      d1ef3625bc7d265f6cd35db9d3764e8cb375fb1ae2969d47edca96aa87ecbc7b

    • SHA512

      7fd3d659d9b667cd08a761f9991dc5d61fa066d24ac8df4bf6b642de6ca69fa6daa41da95250c25281bb03408cead44c24d47358ba33c2fd92056d4b4001cca5

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/GuitarPro.1.sg

    • Size

      3KB

    • MD5

      1b9d75eb5ff7cd9b8b16b2607a56509a

    • SHA1

      beec8bc83e001629f9eb739fb966e10456415297

    • SHA256

      320bed52b5a37d3f2307745b543dfe0879a41c6858a81047b798cff7894ae632

    • SHA512

      4d4ced0958add0b67ad00f9306affc13436ab193ed78016b451e38bdbf6311e22af84c449e77b1780eb9b111484c638e7fb8199137388befc304b1b56a8df885

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/ICO.1.sg

    • Size

      1KB

    • MD5

      42d6ad9da510ee08ca80608ac35d3dfd

    • SHA1

      81efef52e86860b469fe4319188c0717d7922697

    • SHA256

      27a2ffd08f252e732c5baa3de44c6d5cad29b3e25b3a4902b6f1f3c97b2d3174

    • SHA512

      76d318bdecc3fd798f39246c2f62653044f64e5ecfa1242445c2de4a1bccfe3481a790a41ca37adcde1c499e22c4785b1dde96b0b8722e54e8f412b28cbe4013

    Score
    3/10
    • Target

      die_win32_portable/db/Binary/JPEG.1.sg

    • Size

      1KB

    • MD5

      d7d952a06ed7f0efe1f335192de24316

    • SHA1

      f8d59ff140b900761de26077aae7e85de47e41ed

    • SHA256

      c88eed9c24b70ce02bb9e3dceb952c47ed1e24d88484763b0c222114e569025b

    • SHA512

      425132decf746b67b4e1f99458a4231b9f0a7fbeff7b129bbca348aa5e919b1df43db69cb55f0703e16a7739e8adbd8c26d9560a1c234714d56ae630825e10b9

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

pdflink

$2a$12$ltqvwf.cqvh9w5jzkak9lo0hmlnifwtufobj86ge.hlzgvclg6xhw

7563

sodinokibi
Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10