Behavioral task
behavioral1
Sample
2024-06-11_ef9225ada69416798e2dc4b6b5b1e1b9_revil_sodinokibi.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-11_ef9225ada69416798e2dc4b6b5b1e1b9_revil_sodinokibi.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-11_ef9225ada69416798e2dc4b6b5b1e1b9_revil_sodinokibi
-
Size
280KB
-
MD5
ef9225ada69416798e2dc4b6b5b1e1b9
-
SHA1
55a2cd544543081f27280fef06308daefeb7c5f6
-
SHA256
c008a7199303cc2deb1e1669de963a8693abd615914bc88243d147e961e2744e
-
SHA512
61a24c0a0ab3ad1dbcd4e9b1cdfafbf210b8704b20aaaeed6e228c43c3ed94fb29b7917ef610cc68c4538cb3676309b7a3dee44361fa5fd6f4d61a6455aac7ef
-
SSDEEP
3072:Hp5SexkWinjV8jojjM7FlqJ0bUr8EpHxGLbi4eTMlwDCnu/q/IF+l4xjwKX9H:JvGWAjw7q6bUQEpYbnWJ/gIF+lmL
Malware Config
Signatures
-
Sodinokibi family
-
Sodinokibi/Revil sample 1 IoCs
Processes:
resource yara_rule sample family_sodinokobi -
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-06-11_ef9225ada69416798e2dc4b6b5b1e1b9_revil_sodinokibi
Files
-
2024-06-11_ef9225ada69416798e2dc4b6b5b1e1b9_revil_sodinokibi.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.s7bz Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ