sodinokibi | 2024-06-13_d9a85a06daf532fc4343ad20185825b7_revil | Triage

Sharing

General

Target

2024-06-13_d9a85a06daf532fc4343ad20185825b7_revil
Size

123KB
MD5

d9a85a06daf532fc4343ad20185825b7
SHA1

ff0149c5197bd729c5e7f97dba9746d741a39e55
SHA256

361ee9bd4ece74cf4500849f006ffa9a3236540618145efd28178f1ae047dec1
SHA512

bce61834b75a265260447b061c9c9c6abaaad045897e1a41f04ed3029b2ce7fbb4692db5926829d72666bf30d0b337a55cbbe5b40edf29eb6fbf89a06fc4eb94
SSDEEP

1536:2DvcP3LThpshwVs5OE8KNcYQp+2ZZICS4AnjnBR561lQVMr3IgmffEbjQFOxU:B4SVhiNcYM81nBR5uiV1UvQFOxU

Score

10^/10

Malware Config

Signatures

Sodinokibi family
sodinokibi
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

2024-06-13_d9a85a06daf532fc4343ad20185825b7_revil

Files

2024-06-13_d9a85a06daf532fc4343ad20185825b7_revil
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k797i
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE