sodinokibi | JaffaCakes118_b7c6450fdba4fb0c1bf53b946474a99ad5e6006e0a9c4cddca494625c83116ed

Sharing

Copy URL

Twitter E-mail

Reason

config extraction: CfgExtr crashed: 'sodinokibi' runtime error: slice bounds out of range [:65457] with capacity 32736

General

Target

JaffaCakes118_b7c6450fdba4fb0c1bf53b946474a99ad5e6006e0a9c4cddca494625c83116ed
Size

419KB
MD5

84e4cba8274dea6ede6dadfdd807ac10
SHA1

4ec1b43eb427b95b9e181a3a692db25f10779e88
SHA256

b7c6450fdba4fb0c1bf53b946474a99ad5e6006e0a9c4cddca494625c83116ed
SHA512

f443d866def4a6deeeb7f977d15b190565e358cdd1cbba97d146ee3c9319ce53bdae2573a53d6a4fe4005df50a136b164ef779d712ecae1dede6d8d3faf80476
SSDEEP

12288:gIUynTaTM1g/LkzdF+4AB5ZzdLHOVWeTfm:gIUfTM1CLkzdF+4mZ0WeC

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Sodinokibi/Revil sample 1 IoCs

resource	yara_rule
sample	family_sodinokobi

Files

JaffaCakes118_b7c6450fdba4fb0c1bf53b946474a99ad5e6006e0a9c4cddca494625c83116ed
.exe windows:2 windows x86 arch:x86

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

Issuer

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Not Before

30-03-2022 08:15

Not After

30-03-2023 08:35

Subject

CN=Eldon Tyrell,1.2.840.113549.1.9.1=#0c1c656c646f6e2e747972656c6c40747972656c6c2d636f72702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:d9:9a:a1:0b:ce:ab:fb:18:22:7c:68:96:40:bf:9c:d8:49:1d:eb:79:95:4c:95:c3:89:dd:cb:01:d7:98:36
Signer

Actual PE Digest

a0:d9:9a:a1:0b:ce:ab:fb:18:22:7c:68:96:40:bf:9c:d8:49:1d:eb:79:95:4c:95:c3:89:dd:cb:01:d7:98:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grrr
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

Code Sign

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:caCertificate

Extended Key Usages

Key Usages

a0:d9:9a:a1:0b:ce:ab:fb:18:22:7c:68:96:40:bf:9c:d8:49:1d:eb:79:95:4c:95:c3:89:dd:cb:01:d7:98:36Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 4KB

.grrr Size: 50KB - Virtual size: 50KB

.reloc Size: 1KB - Virtual size: 1KB

.bss Size: 37KB - Virtual size: 37KB

.itext Size: 165KB - Virtual size: 165KB

34:99:10:fc:e9:8a:6b:9f:46:fb:58:1f:bb:20:ee:ca
Certificate

a0:d9:9a:a1:0b:ce:ab:fb:18:22:7c:68:96:40:bf:9c:d8:49:1d:eb:79:95:4c:95:c3:89:dd:cb:01:d7:98:36
Signer

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 4KB

.grrr
Size: 50KB - Virtual size: 50KB

.reloc
Size: 1KB - Virtual size: 1KB

.bss
Size: 37KB - Virtual size: 37KB

.itext
Size: 165KB - Virtual size: 165KB