MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3df08c90e98d8d2ea80095d993f78b713a96e470a28a02df4d9f07d7d824c599. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sodinokibi

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	3df08c90e98d8d2ea80095d993f78b713a96e470a28a02df4d9f07d7d824c599
SHA3-384 hash:	2d23b2422e0e7ddd791e8a2324014cfa6b2c794d62b634176589d086360ce6ccaeadcb122f6a3aeabe91ef4079287c03
SHA1 hash:	7e86d60796e75adf594e7b82a28eff34df6ea7f1
MD5 hash:	dfa1d01a578916746081c057fda5a143
humanhash:	black-lion-sodium-ohio
File name:	WZz070GE.exe
Download:	download sample
Signature	Sodinokibi Create hunting rule
File size:	117'760 bytes
First seen:	2020-03-27 08:44:35 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	b3b772cb4d934b78c9fe1cfda7e0cbdf (7 x Sodinokibi)
ssdeep	3072:TMSEVIx2V83UcZwvh4NK9Sw7liH2WeV9:TMSEg2ViUaiSqQveV9
Threatray	160 similar samples on MalwareBazaar
TLSH	91B3C023BD9082F3D4D381F6232B2F2B69BFBD3465421867D3616D841F29092BD2B957
Reporter	johannes
Tags:	Sodinokibi

viql

sodinokibi via https://pastebin.com/raw/WZz070GE

Intelligence

File Origin

# of uploads :

# of downloads :

370

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Ransomware.Sodinokibi-7013612-0

Gathering data

Threat name:

Win32.Trojan.Sodinokibi

Status:

Malicious

First seen:

2020-03-27 09:35:22 UTC

File Type:

PE (Dll)

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

Sodinokibi

322cce1c297277e5c19c9396cf58e55b358eab928880f5b1619099842a4568cd

Sodinokibi

3510959b6d7b6090f1fe8b18775d9d18b44ed01e2676d185ba55887d5559d80e

Sodinokibi

47031a0543d2d1a8f5f8277d16891395dcf7cc57e7ca56cc76fad33a4376e902

Sodinokibi

500e02be3ac6e5670e9896d5369133be17ea5a6388f23d51e6149516c034e40f

Sodinokibi

7aaf4b2e40306cbb65edd0aed85a61ef4bbe538837684f48eafefebbdb871c11

Sodinokibi

b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f

Sodinokibi

bbfabca3e43ca9d0bd8ac74409b1a030e774c9afd4dc16cef5e01a5d3d1408c2

Sodinokibi

dc97c6d5922939edb810ae414da0d4419a52192e257673baf4bfb0d56aa64fac

Sodinokibi

ef6a96bf68ec54d78f4f4cd304acc6718f9dfe398f368bc1e5b127bd746302f2

Sodinokibi

+ 150 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/WZz070GE

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample