MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebac68b0e4bc51398de1bc867085737ee2981b6f7dc35a1cac6cf2912d877394. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sodinokibi

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ebac68b0e4bc51398de1bc867085737ee2981b6f7dc35a1cac6cf2912d877394
SHA3-384 hash:	116f504bcf2b11c9a216f16e06ed902675fae93a5ecd74cfe8cacd046e5a333fb059a252170160ffcd14bb9a9df827ce
SHA1 hash:	4ee3c0b73a858123acfca4ceabf787af3e0c456c
MD5 hash:	c5887047a5604cf068c73fc7310b3126
humanhash:	pip-pennsylvania-winner-video
File name:	6ytV66hr.exe
Download:	download sample
Signature	Sodinokibi Create hunting rule
File size:	170'496 bytes
First seen:	2020-03-18 13:53:44 UTC
Last seen:	2022-05-11 15:55:02 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	3405adb708f38a8c5b5ee1fd45dead95 (83 x Sodinokibi)
ssdeep	3072:MJMawtnGqtWoKeZ9fh1CgnNto6jfDhQJX9UaP2pN:Ww9vteqJggn7oUfDhCS
Threatray	158 similar samples on MalwareBazaar
TLSH	81F3F137A9704572D8D384FF023F2F6B6ABFBD30502578A693221D4C0F294A5A92735B
Reporter	johannes
Tags:	Sodinokibi

viql

sodinokibi via https://pastebin.com/raw/6ytV66hr

Intelligence

File Origin

# of uploads :

# of downloads :

244

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Ransomware.Sodinokibi-7013612-0

Gathering data

Threat name:

Win32.Trojan.Sodinokibi

Status:

Malicious

First seen:

2020-03-19 01:06:29 UTC

AV detection:

33 of 45 (73.33%)

Threat level:

5/5

Verdict:

malicious

Sodinokibi

47031a0543d2d1a8f5f8277d16891395dcf7cc57e7ca56cc76fad33a4376e902

Sodinokibi

500e02be3ac6e5670e9896d5369133be17ea5a6388f23d51e6149516c034e40f

Sodinokibi

7aaf4b2e40306cbb65edd0aed85a61ef4bbe538837684f48eafefebbdb871c11

Sodinokibi

804b8fd89c13f45b652f9b18680749c9fd4449e89bb09cdbb545386676440db2

Sodinokibi

81ee16a0c0c620c6fd4d7837653c6098aee803411717d390978c2beb81957372

Sodinokibi

ad0e0396572e30f66fd2fd68ac8e0baf6bcafa362846513bdd310875b9da38ed

Sodinokibi

bbfabca3e43ca9d0bd8ac74409b1a030e774c9afd4dc16cef5e01a5d3d1408c2

Sodinokibi

dc97c6d5922939edb810ae414da0d4419a52192e257673baf4bfb0d56aa64fac

Sodinokibi

ef6a96bf68ec54d78f4f4cd304acc6718f9dfe398f368bc1e5b127bd746302f2

Sodinokibi

+ 148 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ebac68b0e4bc51398de1bc867085737ee2981b6f7dc35a1cac6cf2912d877394

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://pastebin.com/raw/6ytV66hr

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample