MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: REvil
Vendor detections: 3

SHA256 hash: 3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d
SHA3-384 hash: 2e4bfffc0e98be68cc77960b52f8f107acde114f4225cfc338bc7d1f5eee2fe4bc17573b5c1b87edb14c18c1aa4848bc
SHA1 hash: 446771415864f4916df33aad1aa7e42fa104adee
MD5 hash: 96a157e4c0bef22e0cea1299f88d4745
humanhash: oxygen-uncle-nebraska-angel
File name: 3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d.bin
Signature: REvil
File size: 105'232 bytes
First seen: 2021-06-28 22:58:30 UTC
Last seen: 2021-06-28 23:38:56 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 3072:Gb+XoBHJ3RYjgggwgggwgggwgggwgggZQuYoL/:GDaoL
TLSH: A3A34AF7E274A1ECC675B23A29CFA8FBE06074B415F6640E6BC52D4D23148890DA753B
telfhash: 14e0d80ec92d0bc845e95c25d90997d34093e1a5d439f706fbd9ccc4094d945f209c5f
Reporter: Arkbird_SOLG
Tags: elf, Ransomware, REvil

Intelligence


File Origin
# of uploads: 2
# of downloads: 668
Origin country: n/a

Vendor Threat Intelligence

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: not packed
Botnet: unknown
Number of open files: 116
Number of processes launched: 59
Processes remaining?: true
Remote TCP ports scanned: not identified
Behaviour: Process Renaming
Botnet C2s:
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified

Result
Verdict: UNKNOWN
Details: Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Threat name: Linux.Ransomware.Sodinokibi
Status: Malicious
First seen: 2021-05-28 08:49:55 UTC
File Type: ELF64 Little (Exe)
AV detection: 9 of 29 (31.03%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: linux
Behaviour:
Reads runtime system information
Reads CPU attributes

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
