MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ed3e4d85b44330f9e8254aec9b0055cbc51438472b366dd653201abf452bb89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sodinokibi

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	6ed3e4d85b44330f9e8254aec9b0055cbc51438472b366dd653201abf452bb89
SHA3-384 hash:	348352f98996eaa99e9b71951a40d9bf0f24c9fd36723a7a8541eb789145c54068292316a698f067ae1ce5d7aa6a17da
SHA1 hash:	3e5c5e9d0a456864d9ceaa83d85f8dd7f8d8b785
MD5 hash:	b613bf5c41588ace64748777363d9af8
humanhash:	ohio-single-friend-jersey
File name:	6ed3e4d85b44330f9e8254aec9b0055cbc51438472b366dd653201abf452bb89.bin.exe
Download:	download sample
Signature	Sodinokibi Create hunting rule
File size:	116'224 bytes
First seen:	2020-08-23 19:50:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1e6452b349d3cbc048e72755b22f42e0 (37 x Sodinokibi)
ssdeep	1536:fT8j+u++mQ8e1lpUiTBkH6dICS4ADEeMc:Gr8e1Hw6+9M
Threatray	168 similar samples on MalwareBazaar
TLSH	E7B38D07BEE05532D51301F6077B6F1A8EFFBE700526407AABE4A8C91F21591E62B727
Reporter	Dashowl
Tags:	Decryptor REvil Sodinokibi

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'810

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/50157/

Detection(s):

Win.Ransomware.Sodinokibi-7013612-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a window

Sending a UDP request

Result

Threat name:

Revil

Detection:

malicious

Classification:

rans.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/447132

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to detect sleep reduction / modifications

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Revil

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6ed3e4d85b44330f9e8254aec9b0055cbc51438472b366dd653201abf452bb89/

Threat name:

Win32.Ransomware.REvil

Status:

Malicious

First seen:

2019-08-03 13:03:24 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

0425f6cf8c9cc7c507e766119262f9c7c5c90baf9ef744d64f9f7b4fe526fb45

429b96b0c9a715d0d7735ed12cec95b5183cd398f7291546478cb7ac12451df6

5fa14751ef7fa7299d9ac8a13a45d50c91fc787e720ae661742a211861319972

6081e88fe927e60d87da7a0bf1cc748f3c52f951a80dd3e4bd16ceaadc80571a

6e5f225b72d932fa68cafd3e0366298d5b1b92098049dcf01f6e3f2ad0f9b92e

75175009b6864cf3a0147051272ccf63d8fac7f7a521e32f9d3c69a7acd4866d

81878c4cd8c79fcc10478f15ea6d00a0d1151a205943eaf47e8c4cd450db0915

81b452c5cfc9b054231b73c412e06335770965ec8ec92a309df18c1909233a70

8931fa8e5b8ec0db4b1a722778eaaf580ed1a45fc4f93a5e879d688925971424

fd8ba926720610c0864ed8f53bfe61b9d991883798f176f7ad65a16102aeeca3

+ 158 additional samples on MalwareBazaar

Result

Malware family:

sodinokibi

Score:

10/10

Tags:

family:sodinokibi

Link:

https://tria.ge/reports/200823-b67ss7wc96/

Behaviour

Sodinokibi family

Sodinokibi/Revil sample

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Cryptor

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6ed3e4d85b44330f9e8254aec9b0055cbc51438472b366dd653201abf452bb89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/50157/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample