sodinokibi | 2024-12-29_ec837afa7014645a629b61868dac1901_revil_sodinokibi

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-29_ec837afa7014645a629b61868dac1901_revil_sodinokibi
Size

143KB
MD5

ec837afa7014645a629b61868dac1901
SHA1

97522a83570308787a24c3c68320d260de09e80f
SHA256

a9c07c997e191153ba562da36008a428cfa4768479ae809779382018a42828f1
SHA512

196ad2adc32c9f408e2f078e13bdc577dde91e2dd668547650289db851bf6e2f7768358a730e4d2fb8a59ad37511274216e09eadb6118f3473c106ecd86cd9da
SSDEEP

3072:u5RJ50nW69Lbi4eTMlwDCnu/qGB96W/y1cL:EPinWAbnWJ/fB9wcL

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi

Sodinokibi/Revil sample 1 IoCs

resource	yara_rule
sample	family_sodinokobi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-29_ec837afa7014645a629b61868dac1901_revil_sodinokibi

Files

2024-12-29_ec837afa7014645a629b61868dac1901_revil_sodinokibi
.exe windows:5 windows x86 arch:x86

4c84d10323272583b9286a1186a7fe5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
ReleaseDC
DrawTextW
SystemParametersInfoW
GetDC
GetForegroundWindow
FillRect
GetKeyboardLayoutList

ntdll

RtlGetLastWin32Error
RtlInitUnicodeString
_snwprintf
NtClose
NtOpenFile
RtlTimeToTimeFields
RtlFreeHeap

winhttp

WinHttpSendRequest
WinHttpSetOption
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpCrackUrl

kernel32

PostQueuedCompletionStatus
CreateToolhelp32Snapshot
OpenMutexW
HeapDestroy
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
LocalFree
GetFileAttributesExW
DeleteFileW
SystemTimeToFileTime
HeapCreate
CreateFileW
CreateIoCompletionPort
GetCurrentProcess
TerminateProcess
InitializeCriticalSection
CreateFileMappingW
MapViewOfFile
CompareFileTime
LeaveCriticalSection
GetFileSize
DeleteCriticalSection
OpenProcess
GlobalFree
CreateThread
WaitForSingleObject
LocalAlloc
Wow64RevertWow64FsRedirection
VirtualAlloc
Wow64DisableWow64FsRedirection
GetCommandLineW
GetModuleFileNameW
GetSystemInfo
GetQueuedCompletionStatus
SetFileAttributesW
WriteFile
Process32NextW
MulDiv
GetFileSizeEx
MoveFileW
MultiByteToWideChar
ReadFile
UnmapViewOfFile
GetComputerNameW
GetCurrentProcessId
FindNextFileW
GetTempPathW
GetProcessHeap
SetErrorMode
EnterCriticalSection
HeapAlloc
FindFirstFileW
SetFilePointerEx
GetSystemDefaultUILanguage
ExitProcess
GlobalAlloc
GetDriveTypeW
GetNativeSystemInfo
FindClose
CloseHandle
ReleaseMutex
Sleep
GetProcAddress
Process32FirstW
WideCharToMultiByte
GetVolumeInformationW
CreateMutexW
GetSystemDirectoryW
GetFileAttributesW
GetWindowsDirectoryW

advapi32

RegQueryValueExW
ImpersonateLoggedOnUser
CryptAcquireContextW
AllocateAndInitializeSid
IsValidSid
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
GetUserNameW
OpenProcessToken
RevertToSelf
GetTokenInformation
FreeSid
CryptGenRandom
CheckTokenMembership
RegCloseKey

ole32

CreateStreamOnHGlobal

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

shlwapi

SHDeleteKeyW
PathFindExtensionW
SHDeleteValueW

gdi32

GetObjectW
SetBkMode
GetDeviceCaps
GetStockObject
DeleteDC
GetDIBits
SelectObject
CreateCompatibleBitmap
SetBkColor
DeleteObject
SetTextColor
CreateCompatibleDC
SetPixel
CreateFontW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

winmm

timeBeginPeriod
timeGetTime

shell32

CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s7bz
Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c84d10323272583b9286a1186a7fe5a

Headers

DLL Characteristics

File Characteristics

Imports

user32

ntdll

winhttp

kernel32

advapi32

ole32

mpr

shlwapi

gdi32

crypt32

winmm

shell32

Sections

.text Size: 41KB - Virtual size: 44KB

.rdata Size: 62KB - Virtual size: 64KB

.data Size: 5KB - Virtual size: 8KB

.s7bz Size: 26KB - Virtual size: 52KB

.reloc Size: 1KB - Virtual size: 4KB

.SCY Size: 6KB - Virtual size: 8KB

.text
Size: 41KB - Virtual size: 44KB

.rdata
Size: 62KB - Virtual size: 64KB

.data
Size: 5KB - Virtual size: 8KB

.s7bz
Size: 26KB - Virtual size: 52KB

.reloc
Size: 1KB - Virtual size: 4KB

.SCY
Size: 6KB - Virtual size: 8KB