MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9f3199637a3662429d829e2eb2d210fc96bf282883e721da1704981c136b143. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sodinokibi


Vendor detections: 5



SHA256 hash: b9f3199637a3662429d829e2eb2d210fc96bf282883e721da1704981c136b143
SHA3-384 hash: b379819f7910f1c267e80f98d396ac9b197d7cd824c08da052ee41c7b7b4c90ad2c36dd0ab378782f5ec3cd0ec968712
SHA1 hash: 0c457969e1de131dc0c2fbf55769c82ff0ea3b95
MD5 hash: 6a8df48a6ddcb1fee35ea4979c585a42
humanhash: beer-spring-asparagus-burger
File name: b9f3199637a3662429d829e2eb2d210fc96bf282883e721da1704981c136b143.bin.exe
Signature: Sodinokibi
File size: 118'784 bytes
First seen: 2020-08-23 19:25:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1e6452b349d3cbc048e72755b22f42e0 (37 x Sodinokibi)
ssdeep: 1536:hgc9/Au+Ad+rwYYcbDVsSpJa+1krICS4AAPHm:59o3ELc3VsmnQG
Threatray: 168 similar samples on MalwareBazaar
TLSH: 87C39F03AFA04D36E41301F647BB6F568AFEBD704425907A6B746D880F36941E62B727
Reporter: Dashowl
Tags: Decryptor, REvil, Sodinokibi

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'327
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
Creating a file in the Windows subdirectories
Creating a window
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph:

Threat name: Win32.Ransomware.Sodinokibi
Status: Malicious
First seen: 2020-03-11 09:54:07 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
