MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b433aaa86cc70ce6c60798f07fa013f4712947b32b6692bc08e1832dc17f90fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sodinokibi


Vendor detections: 6



SHA256 hash: b433aaa86cc70ce6c60798f07fa013f4712947b32b6692bc08e1832dc17f90fb
SHA3-384 hash: 776cad43b21843b025254192ad17f388bbf9179929655a4fdd72f2093a0e6fda356da0ed8c871fd4117b6dcac66320bd
SHA1 hash: 43caef6a20ab9e045d76f8bf3e4e96d622f2a6eb
MD5 hash: c283e5ec517605b6226c29f96f6d1d28
humanhash: shade-monkey-south-montana
File name: b433aaa86cc70ce6c60798f07fa013f4712947b32b6692bc08e1832dc17f90fb
Signature: Sodinokibi
File size: 217'600 bytes
First seen: 2020-06-29 07:31:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6d7b5ac803ab3ce37f918febe8438f5 (1 x Sodinokibi)
ssdeep: 6144:a4ShH1+eVowjQdgm2Rf/pQuwiNZVj1YX:shV+cjSgm27NZJ1YX
Threatray: 182 similar samples on MalwareBazaar
TLSH: 78240111A3410E73D86583FE82E95B8EA43E3A746F54954F53C44E065C626E2EF3B31B
Reporter: JAMESWT_WT
Tags: Sodinokibi

Intelligence


File Origin
# of uploads: 1
# of downloads: 817
Origin country: n/a

Vendor Threat Intelligence

Threat name: Win32.Ransomware.Sodinokibi
Status: Malicious
First seen: 2020-06-28 16:30:47 UTC
File Type: PE (Exe)
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: sodinokibi
Score: 10/10
Tags: ransomware family:sodinokibi persistence

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Drops file in Program Files directory
Sets desktop wallpaper using registry
Modifies service
Adds Run entry to start application
Enumerates connected drives

Sodin, Sodinokibi, REvil
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.