General
Target: 2025-03-23_561ab11981e5132b6b1a724762ccf77c_revil
Size: 164KB
Sample: 250323-d5gvdsslz2
MD5: 561ab11981e5132b6b1a724762ccf77c
SHA1: 320a039b66f1192e4f654fb213afd7c75852a35b
SHA256: 1e962caa271bccb44def63a5b037dd867bc87dcad038e5279b8e64a248fda23c
SHA512: 8e3e0697bf3e74830c8a283247850097c21e998ccc32ca73471a9d97523fc3e7ceeed40d9417a31b6a46c9bb6ad75b9ed3d738580d5037b039f2dd2235eb70ac
SSDEEP: 3072:70XoUeZ/DVS8L7flcMTeYWik3LvFflPE51TkT:7eoUeZRlcYxWVTFf1E3+
Behavioral task: behavioral1
Sample: 2025-03-23_561ab11981e5132b6b1a724762ccf77c_revil.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2025-03-23_561ab11981e5132b6b1a724762ccf77c_revil.exe
Resource: win10v2004-20250314-en
Malware Config
Extracted from: C:\Users\evg59fhx-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/7096D9F858FD7E3A
http://decryptor.top/7096D9F858FD7E3A
Extracted from: C:\Program Files (x86)\rkv4qsvvz-readme.txt
Family: sodinokibi
URLs:
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D037680A85741923
http://decryptor.top/D037680A85741923
Targets
Target: 2025-03-23_561ab11981e5132b6b1a724762ccf77c_revil
Size: 164KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
Sodinokibi family
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry