2024-07-02 11:41:17 +00:00
|
|
|
# Sample Information
|
|
|
|
|
|
|
|
<table>
|
|
|
|
<tr>
|
|
|
|
<td><b>VirusTotal Threat Label</b></td>
|
|
|
|
<td><b><span style="color: red">trojan.revil/sodinokibi</span></b></td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td><b>md5</b></td>
|
|
|
|
<td>73041d7b9a93d3cda76e2a052ac02e82</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td><b>sha1</b></td>
|
|
|
|
<td>f995852f291e2c946e15d20d020bb8e8defd317f</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td><b>sha256</b></td>
|
|
|
|
<td>776ea636ee33aab6b2db5f46889b027c297280db37400efb091e0d4a9001a7d7</td>
|
|
|
|
</tr>
|
|
|
|
<tr>
|
|
|
|
<td><b>sha512</b></td>
|
|
|
|
<td>6f430874949362bf2d9d29153c0f9d0e5c53ea7bf69a44cf14c2627981d87ff0ad45fb12c26223dc33ceebf57b6113db37e347b2b4b2fa7ac037a63edc209371</td>
|
|
|
|
</tr>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
**VirusTotal**: https://www.virustotal.com/gui/file/776ea636ee33aab6b2db5f46889b027c297280db37400efb091e0d4a9001a7d7
|
|
|
|
|
2024-07-02 12:51:39 +00:00
|
|
|
## Analysis
|
|
|
|
|
2024-07-02 14:16:57 +00:00
|
|
|
![analysis](analysis/sample.svg)
|
2024-07-02 12:51:39 +00:00
|
|
|
|
2024-07-02 11:41:17 +00:00
|
|
|
## Detection Names
|
|
|
|
|
|
|
|
a variant of Linux/Filecoder.Sodinokibi.A
|
|
|
|
Detected
|
|
|
|
E64/ABRansom.YAVB-
|
|
|
|
ELF:Filecoder-BN [Trj]
|
|
|
|
Gen:Variant.Trojan.Linux.Revil.1
|
|
|
|
Gen:Variant.Trojan.Linux.Revil.1 (B)
|
|
|
|
HEUR:Trojan-Ransom.Linux.Agent.z
|
|
|
|
Linux.Encoder.92
|
|
|
|
Linux/Ransm-K
|
|
|
|
Linux.RansomSodinokibi
|
|
|
|
Linux.Ransomware.Sodinokibi
|
|
|
|
LINUX/Sodinokibi.a
|
|
|
|
LINUX/Sodinokibi.G
|
|
|
|
Linux.Trojan-Ransom.Agent.Pqil
|
|
|
|
Malicious (score: 99)
|
|
|
|
malware (ai score=84)
|
|
|
|
Malware.LINUX/Sodinokibi.G
|
|
|
|
Ransom:Linux/MoneyMessage.K!MTB
|
|
|
|
Ransom.Linux.SODINOKIBI.SMYXCFL
|
|
|
|
Ransom.Sodinokibi/Linux!1.D7B7 (CLASSIC)
|
|
|
|
Ransomware:Linux/Revil.3e7c0b8a
|
|
|
|
Static AI - Suspicious ELF
|
|
|
|
Trojan.Generic.gyagl
|
|
|
|
Trojan-Ransom.Elf.REvil
|
|
|
|
Trojan[Ransom]/Linux.Sodin.gen
|
|
|
|
Trojan.Trojan.Linux.Revil.1
|
|
|
|
Unix.Ransomware.REvil-9876132-0
|