Managed XDR
Group-IB MDP Report
File info
Filename: home-petik-ss-malware-2024-12-18_663069fe32ab671af55a5f79693aa937_revil_sodinokibi
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 143.5 KB
Env info
win7/x86 en
Hashes
SHA1: 6dc5ba588eff210e790b81112c3614c8eb072f46
SHA256: 626d8502352b9f4566cc6ed640b4dd22654e7f8ff8f8bd36b4c7b251f1e862ef
MD5: 663069fe32ab671af55a5f79693aa937
Malwares
Sodinokibi
Signatures
Privilege Escalation
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
next report: 5c795687-008e-490f-a84f-f95115d9cb87
previous report: c1a762e1-c7fc-4eea-9db8-bfbddd115d7b
Managed XDR