MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fa14751ef7fa7299d9ac8a13a45d50c91fc787e720ae661742a211861319972. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sodinokibi

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	5fa14751ef7fa7299d9ac8a13a45d50c91fc787e720ae661742a211861319972
SHA3-384 hash:	fe80252504b461ea633f57d57a1ccf862be15c44826c882cb5e41bfdfa8524425b0fe58f743a6351db6edd73fab3de8b
SHA1 hash:	39893ae4b3cbddfb8ebea174e233796e1fbed040
MD5 hash:	5421d7aac261b84a837f6958f075a022
humanhash:	winner-six-mountain-tennis
File name:	5fa14751ef7fa7299d9ac8a13a45d50c91fc787e720ae661742a211861319972.bin.exe
Download:	download sample
Signature	Sodinokibi Create hunting rule
File size:	117'248 bytes
First seen:	2020-08-23 19:11:15 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1e6452b349d3cbc048e72755b22f42e0 (37 x Sodinokibi)
ssdeep	1536:fFO1Nt+AF+2F8yZppMakhkwICS4AmFO+fP:td68yZLniOYP
Threatray	168 similar samples on MalwareBazaar
TLSH	DDB37E43BFD04931D49302F506BB7F169AFEBD70052A907AAB94988D1F31D91E62B723
Reporter	Dashowl
Tags:	Decryptor REvil Sodinokibi

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'093

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/50137/

Detection(s):

Win.Ransomware.Sodinokibi-7013612-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a window

Sending a UDP request

Result

Threat name:

Revil

Detection:

malicious

Classification:

rans.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/447091

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to detect sleep reduction / modifications

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Revil

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5fa14751ef7fa7299d9ac8a13a45d50c91fc787e720ae661742a211861319972/

Threat name:

Win32.Ransomware.Sodinokibi

Status:

Malicious

First seen:

2020-03-12 17:19:21 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

0425f6cf8c9cc7c507e766119262f9c7c5c90baf9ef744d64f9f7b4fe526fb45

429b96b0c9a715d0d7735ed12cec95b5183cd398f7291546478cb7ac12451df6

6081e88fe927e60d87da7a0bf1cc748f3c52f951a80dd3e4bd16ceaadc80571a

6e5f225b72d932fa68cafd3e0366298d5b1b92098049dcf01f6e3f2ad0f9b92e

6ed3e4d85b44330f9e8254aec9b0055cbc51438472b366dd653201abf452bb89

75175009b6864cf3a0147051272ccf63d8fac7f7a521e32f9d3c69a7acd4866d

81b452c5cfc9b054231b73c412e06335770965ec8ec92a309df18c1909233a70

8931fa8e5b8ec0db4b1a722778eaaf580ed1a45fc4f93a5e879d688925971424

bfbe9826927232ab355f0dc6343175dec5244026bdead1ca7033f4ba62d9a65c

fd8ba926720610c0864ed8f53bfe61b9d991883798f176f7ad65a16102aeeca3

+ 158 additional samples on MalwareBazaar

Result

Malware family:

sodinokibi

Score:

10/10

Tags:

family:sodinokibi

Link:

https://tria.ge/reports/200823-dna2mczt9s/

Behaviour

Sodinokibi family

Sodinokibi/Revil sample

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

REvil

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5fa14751ef7fa7299d9ac8a13a45d50c91fc787e720ae661742a211861319972

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/50137/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample