Play interactive tour
Edit tourWindows Analysis Report NtJd0gjCZE
Overview
General Information
| Sample Name: | NtJd0gjCZE (renamed file extension from none to exe) |
| Analysis ID: | 459108 |
| MD5: | 4af953b20f3a1f165e7cf31d6156c035 |
| SHA1: | b859de5ffcb90e4ca8e304d81a4f81e8785bb299 |
| SHA256: | 89d80016ff4c6600e8dd8cfad1fa6912af4d21c5457b4e9866d1796939b48dc4 |
| Infos: | |
Most interesting Screenshot:  | |
Detection
Netwalker Revil Sodinokibi
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Sigma detected: WannaCry Ransomware
Yara detected Netwalker ransomware
Yara detected RansomwareGeneric
Yara detected Revil
Yara detected Sodinokibi Ransomware
Contains functionality to detect sleep reduction / modifications
Contains functionalty to change the wallpaper
Deletes shadow drive data (may be related to ransomware)
Found Tor onion address
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Sigma detected: Copying Sensitive Files with Credential Data
Uses bcdedit to modify the Windows boot settings
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops certificate files (DER)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match
Classification
Process Tree |
|---|
|
Malware Configuration |
|---|
Threatname: REvil |
|---|
{"pk": "eYI9jfld2wfrBiZk/ABspJesaySH6q+XbmHRQ55NBkE=", "pid": "19", "sub": "100", "dbg": false, "fast": true, "wipe": false, "wht": {"fld": ["application data", "windows.old", "program files (x86)", "$windows.~ws", "mozilla", "perflogs", "system volume information", "programdata", "program files", "tor browser", "$windows.~bt", "msocache", "windows", "intel", "$recycle.bin", "boot", "appdata", "google"], "fls": ["ntldr", "bootfont.bin", "ntuser.dat", "desktop.ini", "ntuser.dat.log", "iconcache.db", "autorun.inf", "ntuser.ini", "bootsect.bak", "thumbs.db", "boot.ini"], "ext": ["exe"]}, "wfld": ["backup"], "prc": ["thunderbird.exe", "msftesql.exe", "tbirdconfig.exe", "dbeng50.exe", "ocomm.exe", "mspub.exe", "mysqld.exe", "encsvc.exe", "thebat64.exe", "excel.exe", "firefoxconfig.exe", "sqlservr.exe", "sqlbrowser.exe", "synctime.exe", "mydesktopqos.exe", "oracle.exe", "visio.exe", "mydesktopservice.exe", "steam.exe", "isqlplussvc.exe", "xfssvccon.exe", "sqlagent.exe", "ocautoupds.exe", "sqlwriter.exe", "sqbcoreservice.exe", "outlook.exe", "ocssd.exe", "winword.exe", "mysqld_nt.exe", "infopath.exe", "agntsvc.exe", "msaccess.exe", "onenote.exe", "mysqld_opt.exe", "wordpad.exe", "powerpnt.exe", "thebat.exe", "dbsnmp.exe"], "dmn": "bluelakevision.com;forumsittard.nl;gosouldeep.com;hvitfeldt.dk;advanced-removals.co.uk;putzen-reinigen.com;advancedeyecare.com;transifer.fr;hiddensee-buhne11.de;aslog.fr;iactechnologies.net;unboxtherapy.site;renderbox.ch;jobkiwi.com.ng;citiscapes-art.com;axisoflove.org:443;autoteamlast.de;atelierkomon.com;housesofwa.com;condormobile.fr;richardkershawwines.co.za;kickittickets.com;easydental.ae;rhino-storage.co.uk;paardcentraal.nl;lovetzuchia.com;pro-gamer.pl;antesacademy.it;leatherjees.com;phoenixcrane.com;blavait.fr;ultimatelifesource.com;bmw-i-pure-impulse.com;ziliak.com;o2o-academy.com;myfbateam.com;sweetz.fr;chatberlin.de;alpesiberie.com;aoyama.ac;bendel-partner.de;t3brothers.com;jobscore.com;encounter-p.net;ravage-webzine.nl;promus.ca;acornishstudio.co.uk;limmortelyouth.com;bruut.online;dnqa.co.uk;signededenroth.dk;billigeflybilletter.dk;nrgvalue.com;boomerslivinglively.com;hostaletdelsindians.es;vapiano.fr;bringmehope.org;eastgrinsteadwingchun.com;banukumbak.com;agriturismocastagneto.it;kiraribeaute-nani.com;nationnewsroom.com;auberives-sur-vareze.fr;fridakids.com;tatyanakopieva.ru;mjk.digital;gsconcretecoatings.com;voice2biz.com;cookinn.nl;ufovidmag.com;kellengatton.com;fanuli.com.au;thiagoperez.com;bookingwheel.com;mariamalmahdi.com;tetameble.pl;kelsigordon.com;lsngroupe.com;jefersonalessandro.com;silverbird.dk;sbit.ag;manzel.tn;citydogslife.com;lmmont.sk;slotspinner.com;sochi-okna23.ru;charlottelhanna.com;koncept-m.ru;richardmaybury.co.uk;creohn.de;bumbipdeco.site;web865.com;colored-shelves.com;ocduiblog.com;ebible.co;basindentistry.com;physio-lang.de;askstaffing.com;finsahome.co.uk;rentingwell.com;adabible.org;gatlinburgcottage.com;mercadodelrio.com;frankgoll.com;tilldeeke.de;mike.matthies.de;jaaphoekzema.nl;shrinkingplanet.com;lesyeuxbleus.net;heuvelland-oaze.nl;oportowebdesign.com;fidelitytitleoregon.com;wribrazil.com;m2graph.fr;aheadloftladders.co.uk;ruggestar.ch;turing.academy;triavlete.com;raeoflightmusic.com;schulz-moelln.de;abulanov.com;techybash.com;buffdaddyblog.com;claudiakilian.de;magrinya.net;billscars.net;die-immo-agentur.de;perfectgrin.com;paprikapod.com;interlinkone.com;sycamoregreenapts.com;hospitalitytrainingsolutions.co.uk;solidhosting.nl;chomiksy.net;jag.me;cardsandloyalty.com;eatyoveges.com;oncarrot.com;annenymus.com;bayshoreelite.com;reizenmetkinderen.be;cp-bap.de;nbva.co.uk;pinthelook.com;c-sprop.com;explora.nl;delegationhub.com;logosindustries.com;adedesign.com;avtoboss163.ru:443;ruggestar.ch;jglconsultancy.com;nvisionsigns.com;skolaprome.eu;agenceassemble.fr;sytzedevries.com;modamarfil.com;muller.nl;p-ride.live;satoblog.org;ya-elka.ru;duthler.nl;tramadolhealth.com;livedeveloper.com;casinodepositors.com;osn.ro;k-zubki.ru;benchbiz.com;ayudaespiritualtamara.com;campinglaforetdetesse.com;mneti.ru;schlagbohrmaschinetests.com;hekecrm.com;karelinjames.com;martha-frets-ceramics.nl;greeneyetattoo.com;terraflair.de;rename.kz;fotoeditores.com;cap29010.it;spirello.nl;awaisghauri.com;mundo-pieces-auto.fr;saboboxtel.uk;apmollerpension.com;parentsandkids.com;factoriareloj.com;alisodentalcare.com;groovedealers.ru;kuriero.pro;docarefoundation.org;gratiocafeblog.wordpress.com;netadultere.fr;vvego.com;maxcube24.com.ua;chris-anne.com;mazzaropi.com.br;go.labibini.ch;profibersan.com;alnectus.com;ketomealprep.academy;5thactors.com;catchup-mag.com;schluesseldienste-hannover.de;zwemofficial.nl;welovecustomers.fr;boloria.de;jalkapuu.net;janmorgenstern.com;spartamovers.com;metallbau-hartmann.eu;hom-frisor.dk;zinnystar.com;loparnille.se;clemenfoto.dk;stralsund-ansichten.de;xn--ziinoapte-6ld.ro;entdoctor-durban.com;hm-com.com;imaginekithomes.co.nz;gurutechnologies.net;neonodi.be;bundan.com;zumrutkuyutemel.com;morgansconsult.com;min-virksomhed.dk;polynine.com;graygreenbiomedservices.com;eafx.pro;animation-pro.co.uk;fixx-repair.com;gbk-tp1.de;mondolandscapes.com;sealgrinderpt.com;ronaldhendriks.nl;jonnyhooley.com;bourchier.org;cainlaw-okc.com;dentourage.com;baumfinancialservices.com;glende-pflanzenparadies.de;itheroes.dk;avis.mantova.it;centuryvisionglobal.com;pinkxgayvideoawards.com;rapid5kloan.org;wrinstitute.org;rozmata.com;cesep2019.com;birthplacemag.com;stoneridgemontessori.com;jlgraphisme.fr;theatre-embellie.fr;sololibrerie.it;lexced.com;lagschools.ng;heimdalbygg.no;ziliak.com;mamajenedesigns.com;ddmgen.com;ilovefullcircle.com;chatterchatterchatter.com;evsynthacademy.org;comoserescritor.com;rishigangoly.com;goddardleadership.org;test-teleachat.fr;jdscenter.com;edrickennedymacfoy.com;apiarista.de;internalresults.com;lgiwines.com;four-ways.com;efficiencyconsulting.es;bohrlochversicherung.info;atma.nl;tastevirginia.com;thepixelfairy.com;irizar.com;texanscan.org;thisprettyhair.com;redpebblephotography.com;jameswilliamspainting.com;yvesdoin-aquarelles.fr;shortsalemap.com;purepreprod4.com;fascaonline.com;frameshift.it;selected-minds.de;glas-kuck.de;digitale-elite.de;strauchs-wanderlust.info;rattanwarehouse.co.uk;ntinasfiloxenia.gr;leijstrom.com;keuken-prijs.nl;so-sage.fr;customroasts.com;placermonticello.com;floweringsun.org;aceroprime.com;donau-guides.eu;altitudeboise.com;indiebizadvocates.org;catalyseurdetransformation.com;parisschool.ru;mensemetgesigte.co.za;jimprattmediations.com;golfclublandgoednieuwkerk.nl;wademurray.com;verbouwingsdouche.nl;christopherhannan.com;sellthewrightway.com;invela.dk;photonag.com;arearugcleaningnyc.com;line-x.co.uk;sber-biznes.com;piestar.com;focuskontur.com;trainiumacademy.com;bulyginnikitav.000webhostapp.com;log-barn.co.uk;agencewho-aixenprovence.fr;palmenhaus-erfurt.de;goeppinger-teppichreinigung.de;qrs-international.com;awaitspain.com;parseport.com;janasfokus.com;reputation-medical.online;girlish.ae;oexebusiness.com;tecleados.com;ramirezprono.com;successcolony.com.ng;ahgarage.com;witraz.pl;9nar.com;cymru.futbol;fluzfluzrewards.com;fi-institutionalfunds.com;cormanmarketing.com;latteswithleslie.com;funworx.de;thenalpa.com;albcleaner.fr;dierenambulancealkmaar.nl;peninggibadan.co.id;look.academy;innersurrection.com;silkeight.com;speakaudible.com;ilveshistoria.com;circuit-diagramz.com;drbenveniste.com;eos-horlogerie.com;hostastay.com;rsidesigns.com;artcase.pl;tweedekansenloket.nl;bodymindchallenger.com;astrographic.com;stabilisateur.fr;jobstomoveamerica.org;alwaysdc.com;motocrossplace.co.uk;tieronechic.com;omnicademy.com;soundseeing.net;protoplay.ca;pourlabretagne.bzh;mollymccarthydesign.com;xn--80addfr4ahr.dp.ua;monstarrsoccer.com;zuerich-umzug.ch;motocrosshideout.com;pokemonturkiye.com;drnelsonpediatrics.com;lumturo.academy;etgdogz.de;karmeliterviertel.com;margaretmcshane.com;cascinarosa33.it;palema.gr;initconf.com;ikzoekgod.be;holocine.de;spectamarketingdigital.com.br;hypogenforensic.com;skyboundnutrition.co.uk;cl0nazepamblog.com;xn--80abehgab4ak0ddz.xn--p1ai;nginx.com;phukienbepthanhdat.com;kerstliedjeszingen.nl;makingmillionaires.net;framemyballs.com;mariajosediazdemera.com;saberconcrete.com;nxtstg.org;furland.ru;juergenblaetz.de;singletonfinancial.com;egpu.fr;frimec-international.es;krishnabrawijaya.com;globalcompliancenews.com;nuohous.com;mindfuelers.com;happycatering.de;craftingalegacy.com;lattalvor.com;mesajjongeren.nl;rtc24.com;o90.dk;qandmmusiccenter.com;business-basic.de;corporacionrr.com;stagefxinc.com;tutvracks.com;hnkns.com;distrifresh.com;husetsanitas.dk;the-beauty-guides.com;lollachiro.com;newonestop.com;advance-refle.com;diverfiestas.com.es;shortysspices.com;quitescorting.com;nauticmarine.dk;tchernia-conseil.fr;rivermusic.nl;towelroot.co;nepressurecleaning.com;3daywebs.com;salonlamar.nl;gardenpartner.pl;dayenne-styling.nl;xn--billigafrgpatroner-stb.se;relevantonline.eu;markseymourphotography.co.uk;mariannelemenestrel.com;billyoart.com;adaduga.info;awag-blog.de;baikalflot.ru;hawthornsretirement.co.uk;craftstone.co.nz;hoteltantra.com;rino-gmbh.com;alattekniksipil.com;a-zpaperwork.eu;mediahub.co.nz;levencovka.ru;metriplica.academy;zaczytana.com;bodet150ans.com;amelielecompte.wordpress.com;brighthillgroup.com;kombi-dress.com;letsstopsmoking.co.uk;augen-praxisklinik-rostock.de;tesisatonarim.com;yourhappyevents.fr;hinotruckwreckers.com.au;happylublog.wordpress.com;ced-elec.com;yuanshenghotel.com;ox-home.com;nutriwell.com.sg;fsbforsale.com;scholarquotes.com;andrealuchesi.it;racefietsenblog.nl;andermattswisswatches.ch;insane.agency;druktemakersheerenveen.nl;christianscholz.de;der-stempelking.de;skyscanner.ro;grafikstudio-visuell.de;aciscomputers.com;mikegoodfellow.co.uk;1deals.com;plbinsurance.com;site.markkit.com.br;springfieldplumbermo.com;kenmccallum.com;specialtyhomeservicesllc.com;arthakapitalforvaltning.dk;vipcarrental.ae;jeanmonti.com;foerderverein-vatterschule.de;dr-vita.de;nevadaruralhousingstudies.org;landgoedspica.nl;marmarabasin.com;innervisions-id.com;legundschiess.de;matthieupetel.fr;stathmoulis.gr;bridalcave.com;klapanvent.ru;lidkopingsnytt.nu;levelseven.be;zdrowieszczecin.pl;pixelhealth.net;dieetuniversiteit.nl;metcalfe.ca;valiant-voice.com;thehovecounsellingpractice.co.uk;jlwilsonbooks.com;dentallabor-luenen.de;jayfurnitureco.com;richardiv.com;aquacheck.co.za;nicksrock.com;tzn.nu;catering.com;deziplan.ru;skinkeeper.li;smartmind.net;jollity.hu;expohomes.com;yayasanprimaunggul.org;thegrinningmanmusical.com;xtensifi.com;acumenconsultingcompany.com;julielusktherapy.com;epicjapanart.com;nexstagefinancial.com;chainofhopeeurope.eu;yourcosmicbeing.com;paradigmlandscape.com;kristianboennelykke.dk;ziliak.com;bescomedical.de;devplus.be;opticahubertruiz.com;pankiss.ru;sprintcoach.com;larchwoodmarketing.com;mgimalta.com;matteoruzzaofficial.com;mrcar.nl;bagaholics.in;primemarineengineering.com;ronielyn.com;nykfdyrehospital.dk;thegetawaycollective.com;allinonecampaign.com;teamsegeln.ch;premiumweb.com.ua:443;supercarhire.co.uk;agendatwentytwenty.com;90nguyentuan.com;operativadigital.com;gazelle-du-web.com;airserviceunlimited.com;mac-computer-support-hamburg.de;cleanroomequipment.ie;pisofare.co;apogeeconseils.fr;brinkdoepke.eu;simpleitsolutions.ch;powershell.su;crestgood.com;kenmccallum.com;wirmuessenreden.com;pedmanson.com;endstarvation.com;loysonbryan.com;the5thquestion.com;mangimirossana.it;beandrivingschool.com.au;pays-saint-flour.fr;rs-danmark.dk;triplettabordeaux.fr;webforsites.com;lashandbrowenvy.com;andreaskildegaard.dk;g2mediainc.com;envomask.com;wineandgo.hu;rubyaudiology.com;suonenjoen.fi;littlesaints.academy;fta-media.com;concontactodirecto.com;teutoradio.de;pajagus.fr;kosten-vochtbestrijding.be;sjtpo.org;lapponiasafaris.com;agrifarm.dk;encounter-p.net;acibademmobil.com.tr;domilivefurniture.com;kafkacare.com;internestdigital.com;fbmagazine.ru;rechtenplicht.be;breakluckrecords.com;carolynfriedlander.com;greenrider.nl;brownswoodblog.com;enews-qca.com;hutchstyle.co.uk;elex.is;nalliasmali.net;arazi.eus;auto-opel.ro;bonitabeachassociation.com;lunoluno.com;lifeinbreaths.com;grancanariaregional.com;malzomattalar.com;penumbuhrambutkeiskei.com;tanatek.com;cmascd.com;pxsrl.it;naukaip.ru;perceptdecor.com;therapybusinessacademy.com;the-cupboard.co.uk;sarahspics.co.uk;banksrl.co.za;narca.net;enactusnhlstenden.com;uci-france.fr;babysitting-hk.helpergo.co;geoweb.software;kamin-somnium.de;vitoriaecoturismo.com.br;spacebel.be;bd2fly.com;hostingbangladesh.net;deduktia.fi;weddingceremonieswithtim.com;sachainchiuk.com;davedavisphotos.com;laaisterplakky.nl;coachpreneuracademy.com;dcc-eu.com;drvoip.com;mursall.de;outstandingminialbums.com;molade.nl;grupoexin10.com;imajyuku-sozoku.com;kdbrh.com;oththukaruva.com;cmeow.com;brunoimmobilier.com;angelika-schwarz.com;daveystownhouse.com;vdolg24.online;thesilkroadny.com;alaskaremote.com;atrgroup.it;geitoniatonaggelon.gr;anleggsregisteret.no;fazagostar.co;campusce.com;michal-s.co.il;liepertgrafikweb.at;nieuwsindeklas.be;speiserei-hannover.de;glennverschueren.be;werkzeugtrolley.net;bajova.sk;electricianul.com;fotoslubna.com;5pointpt.com;berdonllp.com;scentedlair.com;topautoinsurers.net;biodentify.ai;unexplored.gr;animalfood-online.de;nourella.com;ingresosextras.online;cxcompany.com;hawaiisteelbuilding.com;medicalsupportco.com;taulunkartano.fi;kemtron.fr;alcye.com;pazarspor.org.tr;stressreliefadvice.com;leadforensics.com;johnkoen.com;mrkluttz.com;orchardbrickwork.com;skoczynski.eu;slotenmakerszwijndrecht.nl;oro.ae;asiaartgallery.jp;innovationgames-brabant.nl;affligemsehondenschool.be;ninjaki.com;bellesiniacademy.org;unislaw-narty.pl;devus.de;cuadc.org;volta.plus;azloans.com;galatee-couture.com;production-stills.co.uk;traitware.com;forskolinslimeffect.net;sppdstats.com;precisetemp.com;napisat-pismo-gubernatoru.ru:443;bcabattoirs.org;dreamvoiceclub.org;palmecophilippines.com;cc-experts.de;direitapernambuco.com;eshop.design;iron-mine.ru;letterscan.de;greatofficespaces.net;cincinnatiphotocompany.org;michaelfiegel.com;oscommunity.de;finnergo.eu;teethinadaydentalimplants.com;soncini.ch;uncensoredhentaigif.com;riffenmattgarage.ch;goodherbalhealth.com;toranjtuition.org;wg-heiligenstadt.de;futurenetworking.com;theater-lueneburg.de;triplettagaite.fr;ideamode.com;espaciopolitica.com;photographycreativity.co.uk;global-migrate.com;breathebettertolivebetter.com;lyricalduniya.com;scietech.academy;haus-landliebe.de;charlesfrancis.photos;craftron.com;utilisacteur.fr;stringnosis.academy;amco.net.au;georgemuncey.com;stage-infirmier.fr;ncn.nl;biblica.com;jandhpest.com;khtrx.com;forextimes.ru;harleystreetspineclinic.com;optigas.com;linearete.com;leloupblanc.gr;akcadagofis.com;oraweb.net;cops4causes.org;patriotcleaning.net;subquercy.fr;masecologicos.com;goodboyscustom.com;2020hindsight.info;cssp-mediation.org;alharsunindo.com;csaballoons.com;bratek-immobilien.de;redctei.co;cyberpromote.de;midwestschool.org;dennisverschuur.com;wyreforest.net;bavovrienden.nl;jakubrybak.com;wordpress.idium.no;memphishealthandwellness.com;lassocrm.com;rizplakatjaya.com;trevi-vl.ru;queertube.net;pubcon.com;fskhjalmar.se;metroton.ru;mediabolmong.com;maryairbnb.wordpress.com;keyboardjournal.com;slideevents.be;stanleyqualitysystems.com;dantreranch.com;theintellect.edu.pk;carsten.sparen-it.de;linkbuilding.life;jmmartinezilustrador.com;diakonie-weitramsdorf-sesslach.de;prometeyagro.com.ua;hotjapaneselesbian.com;n-newmedia.de;the3-week-diet.net;magnetvisual.com;smartercashsystem.com;sambaglow.com;gavelmasters.com;ncjc.ca;angeleyezstripclub.com;martinipstudios.com;scotlandsroute66.co.uk;epsondriversforwindows.com;fla.se;schroederschoembs.com;chorusconsulting.net;sveneulberg.de;testitjavertailut.net;dibli.store;thestudio.academy;dinedrinkdetroit.com;limounie.com;curtsdiscountguns.com;biketruck.de;buonabitare.com;hartofurniture.com;aktivfriskcenter.se;pansionatblago.ru;hensleymarketing.com;gta-jjb.fr;dentalcircle.com;theboardroomafrica.com;hameghlim.com;leopoldineroux.com;alene.co;airvapourbarrier.com;bjornvanvulpen.nl;istantidigitali.com;rarefoods.ro;mediogiro.com.ar;kartuindonesia.com;imagine-entertainment.com;bilius.dk;bertbutter.nl;bychowo.pl;noda.com.ua;11.in.ua;betterce.com;liverpoolabudhabi.ae;jacquesgarcianoto.com;bcmets.info;rhino-turf.com;computer-place.de;publicompserver.de;burg-zelem.de;buzzneakers.com;avisioninthedesert.com;leansupremegarcinia.net;lisa-poncon.fr;ciga-france.fr;haard-totaal.nl;broccolisoep.nl;altocontatto.net;k-v-f.de;olry-cloisons.fr;mrmac.com;ivancacu.com;pilotgreen.com;kryddersnapsen.dk;janellrardon.com;innovationgames-brabant.nl;guohedd.com;smartworkplaza.com;lovcase.com;licensed-public-adjuster.com;switch-made.com;nepal-pictures.com;whoopingcrane.com;circlecitydj.com;chinowarehousespace.com;randyabrown.com;johnsonweekly.com;hepishopping.com;eyedoctordallas.com;blueridgeheritage.com;prodentalblue.com;elitkeramika-shop.com.ua;cotton-avenue.co.il;neolaiamedispa.com;otpusk.zp.ua;mustangmarketinggroup.com;agora-collectivites.com;studionumerik.fr;latableacrepes-meaux.fr;patassociation.com;opt4cdi.com;projektparkiet.pl;qwikcoach.com;solutionshosting.co.uk;trivselsguide.dk;designimage.ae;kompresory-opravy.com;ledyoucan.com;topvijesti.net;belofloripa.be;profiz.com;annida.it;saint-malo-developpement.fr;drbrianhweeks.com;walterman.es;mayprogulka.ru;bubbalucious.com;skooppi.fi;victorvictoria.com;kausette.com;gaearoyals.com;bluemarinefoundation.com;fire-space.com;inewsstar.com;yournextshoes.com;marcandy.com;tellthebell.website;advesa.com;radishallgood.com;mbuildinghomes.com;rentsportsequip.com;rokthetalk.com;barbaramcfadyenjewelry.com;kroophold-sjaelland.dk;zorgboerderijravensbosch.nl;ykobbqchicken.ca;livelai.com;belinda.af;stitch-n-bitch.com;alabamaroofingllc.com;natturestaurante.com.br;rossomattonecase.it;kvetymichalovce.sk;block-optic.com;dogsunlimitedguide.com;veggienessa.com;acb-gruppe.ch;111firstdelray.com;universelle.fr;alexwenzel.de;tradenavigator.ch;aidanpublishing.co.uk;malevannye.ru;tbalp.co.uk;signamedia.de;ownidentity.com;johnstonmingmanning.com;ludoil.it;aberdeenartwalk.org;endlessrealms.net;tages-geldvergleich.de;afbudsrejserallinclusive.dk;handyman-silkeborg.dk;laylavalentine.com;luvinsburger.fr;jax-interim-and-projectmanagement.com;anchelor.com;eurethicsport.eu;angelsmirrorus.com;startuplive.org;louiedager.com;adterium.com;collegetennis.info;carmel-york.com;luvbec.com;fitnessblenderstory.com;alltagsrassismus-entknoten.de;ygallerysalonsoho.com:443;professionetata.com;campusescalade.com;moira-cristescu.com;fysiotherapierijnmond.nl;reygroup.pt;renehartman.nl;activeterroristwarningcompany.com;fann.ru;iexpert99.com;brannbornfastigheter.se;voetbalhoogeveen.nl;denhaagfoodie.nl;galaniuklaw.com;cac2040.com;amorbellezaysalud.com;humanviruses.org;kookooo.com;lookandseen.com;tothebackofthemoon.com;buerocenter-butzbach-werbemittel.de;elliemaccreative.wordpress.com;wasnederland.nl;worldproskitour.com;vitormmcosta.com;molinum.pt;blucamp.com;onesynergyinternational.com;factorywizuk.com;boyfriendsgoal.site;vedsegaard.dk;datatri.be;beauty-traveller.com;artvark.nl;rvside.com;directique.com;wallflowersandrakes.com;katherinealy.com;santastoy.store;domaine-des-pothiers.com;pharmeko-group.com;baptistdistinctives.org;mslp.org;globalskills.pt;proffteplo.com;azerbaycanas.com;mind2muscle.nl;hotelturbo.de;sharonalbrightdds.com;almamidwifery.com;clinic-beethovenstrasse-ag.ch;smarttourism.academy;smartspeak.com;skidpiping.de;eksperdanismanlik.com;mieleshopping.it;edvestors.org;ijsselbeton.nl;brisbaneosteopathic.com.au;premier-iowa.com;bg.szczecin.pl;xrresources.com;secrets-clubs.co.uk;arabianmice.com;liveyourheartout.co;energosbit-rp.ru;dinecorp.com;parksideseniorliving.net;amyandzac.com;mindsparkescape.com;kryptos72.com;b3b.ch;descargandoprogramas.com;sshomme.com;denverwynkoopdentist.com;flossmoordental.com;zealcon.ae;pureelements.nl;from02pro.com;ceocenters.com;dmlcpa.com;omegamarbella.com;mahikuchen.com;baita.ac;watchsale.biz;eventosvirtualesexitosos.com;akwaba-safaris.com;achetrabalhos.com;justaroundthecornerpetsit.com;onlinetvgroup.com;sunsolutions.es;muni.pe;pvandambv.nl;myplaywin3.com;rolleepollee.com;onlinemarketingsurgery.co.uk;miscbo.it;peppergreenfarmcatering.com.au;suitesartemis.gr;poems-for-the-soul.ch;bakingismyyoga.com;bluetenreich-brilon.de;subyard.com;ikadomus.com;mazift.dk", "net": true, "nbody": "LQAtAC0APQA9AD0AIABXAGUAbABjAG8AbQBlAC4AIABBAGcAYQBpAG4ALgAgAD0APQA9AC0ALQAtAA0ACgANAAoAWwArAF0AIABXAGgAYQB0AHMAIABIAGEAcABwAGUAbgA/ACAAWwArAF0ADQAKAA0ACgBZAG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAsACAAYQBuAGQAIABjAHUAcgByAGUAbgB0AGwAeQAgAHUAbgBhAHYAYQBpAGwAYQBiAGwAZQAuACAAWQBvAHUAIABjAGEAbgAgAGMAaABlAGMAawAgAGkAdAA6ACAAYQBsAGwAIABmAGkAbABlAHMAIABvAG4AIAB5AG8AdQAgAGMAbwBtAHAAdQB0AGUAcgAgAGgAYQBzACAAZQB4AHAAYQBuAHMAaQBvAG4AIAB7AEUAWABUAH0ALgANAAoAQgB5ACAAdABoAGUAIAB3AGEAeQAsACAAZQB2AGUAcgB5AHQAaABpAG4AZwAgAGkAcwAgAHAAbwBzAHMAaQBiAGwAZQAgAHQAbwAgAHIAZQBjAG8AdgBlAHIAIAAoAHIAZQBzAHQAbwByAGUAKQAsACAAYgB1AHQAIAB5AG8AdQAgAG4AZQBlAGQAIAB0AG8AIABmAG8AbABsAG8AdwAgAG8AdQByACAAaQBuAHMAdAByAHUAYwB0AGkAbwBuAHMALgAgAE8AdABoAGUAcgB3AGkAcwBlACwAIAB5AG8AdQAgAGMAYQBuAHQAIAByAGUAdAB1AHIAbgAgAHkAbwB1AHIAIABkAGEAdABhACAAKABOAEUAVgBFAFIAKQAuAA0ACgANAAoAWwArAF0AIABXAGgAYQB0ACAAZwB1AGEAcgBhAG4AdABlAGUAcwA/ACAAWwArAF0ADQAKAA0ACgBJAHQAcwAgAGoAdQBzAHQAIABhACAAYgB1AHMAaQBuAGUAcwBzAC4AIABXAGUAIABhAGIAcwBvAGwAdQB0AGUAbAB5ACAAZABvACAAbgBvAHQAIABjAGEAcgBlACAAYQBiAG8AdQB0ACAAeQBvAHUAIABhAG4AZAAgAHkAbwB1AHIAIABkAGUAYQBsAHMALAAgAGUAeABjAGUAcAB0ACAAZwBlAHQAdABpAG4AZwAgAGIAZQBuAGUAZgBpAHQAcwAuACAASQBmACAAdwBlACAAZABvACAAbgBvAHQAIABkAG8AIABvAHUAcgAgAHcAbwByAGsAIABhAG4AZAAgAGwAaQBhAGIAaQBsAGkAdABpAGUAcwAgAC0AIABuAG8AYgBvAGQAeQAgAHcAaQBsAGwAIABuAG8AdAAgAGMAbwBvAHAAZQByAGEAdABlACAAdwBpAHQAaAAgAHUAcwAuACAASQB0AHMAIABuAG8AdAAgAGkAbgAgAG8AdQByACAAaQBuAHQAZQByAGUAcwB0AHMALgANAAoAVABvACAAYwBoAGUAYwBrACAAdABoAGUAIABhAGIAaQBsAGkAdAB5ACAAbwBmACAAcgBlAHQAdQByAG4AaQBuAGcAIABmAGkAbABlAHMALAAgAFkAbwB1ACAAcwBoAG8AdQBsAGQAIABnAG8AIAB0AG8AIABvAHUAcgAgAHcAZQBiAHMAaQB0AGUALgAgAFQAaABlAHIAZQAgAHkAbwB1ACAAYwBhAG4AIABkAGUAYwByAHkAcAB0ACAAbwBuAGUAIABmAGkAbABlACAAZgBvAHIAIABmAHIAZQBlAC4AIABUAGgAYQB0ACAAaQBzACAAbwB1AHIAIABnAHUAYQByAGEAbgB0AGUAZQAuAA0ACgBJAGYAIAB5AG8AdQAgAHcAaQBsAGwAIABuAG8AdAAgAGMAbwBvAHAAZQByAGEAdABlACAAdwBpAHQAaAAgAG8AdQByACAAcwBlAHIAdgBpAGMAZQAgAC0AIABmAG8AcgAgAHUAcwAsACAAaQB0AHMAIABkAG8AZQBzACAAbgBvAHQAIABtAGEAdAB0AGUAcgAuACAAQgB1AHQAIAB5AG8AdQAgAHcAaQBsAGwAIABsAG8AcwBlACAAeQBvAHUAcgAgAHQAaQBtAGUAIABhAG4AZAAgAGQAYQB0AGEALAAgAGMAYQB1AHMAZQAgAGoAdQBzAHQAIAB3AGUAIABoAGEAdgBlACAAdABoAGUAIABwAHIAaQB2AGEAdABlACAAawBlAHkALgAgAEkAbgAgAHAAcgBhAGMAdABpAHMAZQAgAC0AIAB0AGkAbQBlACAAaQBzACAAbQB1AGMAaAAgAG0AbwByAGUAIAB2AGEAbAB1AGEAYgBsAGUAIAB0AGgAYQBuACAAbQBvAG4AZQB5AC4ADQAKAA0ACgBbACsAXQAgAEgAbwB3ACAAdABvACAAZwBlAHQAIABhAGMAYwBlAHMAcwAgAG8AbgAgAHcAZQBiAHMAaQB0AGUAPwAgAFsAKwBdAA0ACgANAAoAWQBvAHUAIABoAGEAdgBlACAAdAB3AG8AIAB3AGEAeQBzADoADQAKAA0ACgAxACkAIABbAFIAZQBjAG8AbQBtAGUAbgBkAGUAZABdACAAVQBzAGkAbgBnACAAYQAgAFQATwBSACAAYgByAG8AdwBzAGUAcgAhAA0ACgAgACAAYQApACAARABvAHcAbgBsAG8AYQBkACAAYQBuAGQAIABpAG4AcwB0AGEAbABsACAAVABPAFIAIABiAHIAbwB3AHMAZQByACAAZgByAG8AbQAgAHQAaABpAHMAIABzAGkAdABlADoAIABoAHQAdABwAHMAOgAvAC8AdABvAHIAcAByAG8AagBlAGMAdAAuAG8AcgBnAC8ADQAKACAAIABiACkAIABPAHAAZQBuACAAbwB1AHIAIAB3AGUAYgBzAGkAdABlADoAIABoAHQAdABwADoALwAvAGEAcABsAGUAYgB6AHUANAA3AHcAZwBhAHoAYQBwAGQAcQBrAHMANgB2AHIAYwB2ADYAegBjAG4AagBwAHAAawBiAHgAYgByADYAdwBrAGUAdABmADUANgBuAGYANgBhAHEAMgBuAG0AeQBvAHkAZAAuAG8AbgBpAG8AbgAvAHsAVQBJAEQAfQANAAoADQAKADIAKQAgAEkAZgAgAFQATwBSACAAYgBsAG8AYwBrAGUAZAAgAGkAbgAgAHkAbwB1AHIAIABjAG8AdQBuAHQAcgB5ACwAIAB0AHIAeQAgAHQAbwAgAHUAcwBlACAAVgBQAE4AIQAgAEIAdQB0ACAAeQBvAHUAIABjAGEAbgAgAHUAcwBlACAAbwB1AHIAIABzAGUAYwBvAG4AZABhAHIAeQAgAHcAZQBiAHMAaQB0AGUALgAgAEYAbwByACAAdABoAGkAcwA6AA0ACgAgACAAYQApACAATwBwAGUAbgAgAHkAbwB1AHIAIABhAG4AeQAgAGIAcgBvAHcAcwBlAHIAIAAoAEMAaAByAG8AbQBlACwAIABGAGkAcgBlAGYAbwB4ACwAIABPAHAAZQByAGEALAAgAEkARQAsACAARQBkAGcAZQApAA0ACgAgACAAYgApACAATwBwAGUAbgAgAG8AdQByACAAcwBlAGMAbwBuAGQAYQByAHkAIAB3AGUAYgBzAGkAdABlADoAIABoAHQAdABwADoALwAvAGQAZQBjAHIAeQBwAHQAbwByAC4AdABvAHAALwB7AFUASQBEAH0ADQAKAA0ACgBXAGEAcgBuAGkAbgBnADoAIABzAGUAYwBvAG4AZABhAHIAeQAgAHcAZQBiAHMAaQB0AGUAIABjAGEAbgAgAGIAZQAgAGIAbABvAGMAawBlAGQALAAgAHQAaABhAHQAcwAgAHcAaAB5ACAAZgBpAHIAcwB0ACAAdgBhAHIAaQBhAG4AdAAgAG0AdQBjAGgAIABiAGUAdAB0AGUAcgAgAGEAbgBkACAAbQBvAHIAZQAgAGEAdgBhAGkAbABhAGIAbABlAC4ADQAKAA0ACgBXAGgAZQBuACAAeQBvAHUAIABvAHAAZQBuACAAbwB1AHIAIAB3AGUAYgBzAGkAdABlACwAIABwAHUAdAAgAHQAaABlACAAZgBvAGwAbABvAHcAaQBuAGcAIABkAGEAdABhACAAaQBuACAAdABoAGUAIABpAG4AcAB1AHQAIABmAG8AcgBtADoADQAKAEsAZQB5ADoADQAKAA0ACgB7AEsARQBZAH0ADQAKAA0ACgANAAoARQB4AHQAZQBuAHMAaQBvAG4AIABuAGEAbQBlADoADQAKAA0ACgB7AEUAWABUAH0ADQAKAA0ACgAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ADQAKAA0ACgAhACEAIQAgAEQAQQBOAEcARQBSACAAIQAhACEADQAKAEQATwBOAFQAIAB0AHIAeQAgAHQAbwAgAGMAaABhAG4AZwBlACAAZgBpAGwAZQBzACAAYgB5ACAAeQBvAHUAcgBzAGUAbABmACwAIABEAE8ATgBUACAAdQBzAGUAIABhAG4AeQAgAHQAaABpAHIAZAAgAHAAYQByAHQAeQAgAHMAbwBmAHQAdwBhAHIAZQAgAGYAbwByACAAcgBlAHMAdABvAHIAaQBuAGcAIAB5AG8AdQByACAAZABhAHQAYQAgAG8AcgAgAGEAbgB0AGkAdgBpAHIAdQBzACAAcwBvAGwAdQB0AGkAbwBuAHMAIAAtACAAaQB0AHMAIABtAGEAeQAgAGUAbgB0AGEAaQBsACAAZABhAG0AZwBlACAAbwBmACAAdABoAGUAIABwAHIAaQB2AGEAdABlACAAawBlAHkAIABhAG4AZAAsACAAYQBzACAAcgBlAHMAdQBsAHQALAAgAFQAaABlACAATABvAHMAcwAgAGEAbABsACAAZABhAHQAYQAuAA0ACgAhACEAIQAgACEAIQAhACAAIQAhACEADQAKAE8ATgBFACAATQBPAFIARQAgAFQASQBNAEUAOgAgAEkAdABzACAAaQBuACAAeQBvAHUAcgAgAGkAbgB0AGUAcgBlAHMAdABzACAAdABvACAAZwBlAHQAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYgBhAGMAawAuACAARgByAG8AbQAgAG8AdQByACAAcwBpAGQAZQAsACAAdwBlACAAKAB0AGgAZQAgAGIAZQBzAHQAIABzAHAAZQBjAGkAYQBsAGkAcwB0AHMAKQAgAG0AYQBrAGUAIABlAHYAZQByAHkAdABoAGkAbgBnACAAZgBvAHIAIAByAGUAcwB0AG8AcgBpAG4AZwAsACAAYgB1AHQAIABwAGwAZQBhAHMAZQAgAHMAaABvAHUAbABkACAAbgBvAHQAIABpAG4AdABlAHIAZgBlAHIAZQAuAA0ACgAhACEAIQAgACEAIQAhACAAIQAhACEAAAA=", "nname": "{EXT}-readme.txt", "exp": false, "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA"}Yara Overview |
|---|
Initial Sample |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth |
| |
| JoeSecurity_Revil | Yara detected Revil | Joe Security | ||
| REvil | REvil Payload | R3MRUM |
| |
| Win32_Ransomware_Revil | unknown | ReversingLabs |
|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth |
| |
| JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security | ||
| MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth |
| |
| JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security | ||
| JoeSecurity_Ransomware_Generic | Yara detected Ransomware_Generic | Joe Security | ||
| Click to see the 2 entries | ||||
Unpacked PEs |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth |
| |
| JoeSecurity_Revil | Yara detected Revil | Joe Security | ||
| REvil | REvil Payload | R3MRUM |
| |
| Win32_Ransomware_Revil | unknown | ReversingLabs |
| |
| MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth |
| |
| Click to see the 3 entries | ||||
Sigma Overview |
|---|
System Summary: |   |
|---|
| Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities | Show sources | ||
| Source: | Author: Florian Roth, Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades): | ||
| Sigma detected: WannaCry Ransomware | Show sources | ||
| Source: | Author: Florian Roth (rule), Tom U. @c_APT_ure (collection), oscd.community, Jonhnathan Ribeiro: | ||
| Sigma detected: Copying Sensitive Files with Credential Data | Show sources | ||
| Source: | Author: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: | ||
Jbx Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: | |
|---|
| Antivirus / Scanner detection for submitted sample | Show sources | ||
| Source: | Avira: | ||
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||