
maiKloMceA.exe

Status: finished
Submission Time: 2020-08-01 11:48:08 +02:00
Malicious
Ransomware
Evader
Sodinokibi

Comments

Tags

  • Ransomware
  • Sodinokibi

Details

  • Analysis ID:
    255514
  • API (Web) ID:
    406566
  • Analysis Started:
    2020-08-01 11:48:08 +02:00
  • Analysis Finished:
    2020-08-01 11:53:29 +02:00
  • MD5:
    90e6ea15ed18005b431e135186d57abf
  • SHA1:
    d8e126cd0f5f3f214989c3533fd22c7291c44174
  • SHA256:
    bbcaee51155609d365f6bb297d124efea685df0243ec1d4efb5043d9afe5963d
  • Technologies:

Joe Sandbox

Engine   Detection   Score
Joe Sandbox   malicious   96
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name Detection
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B262A05A85E2825A
http://decryptor.cc/
http://decryptor.cc/B262A05A85E2825A
https://torproject.org/

Dropped files

Name                                               File Type   Hashes   Detection
C:\8150e919x-readme.txt                            data
C:\Users\user\Desktop\EFOYFBOLXA\EFOYFBOLXA.docx   data
C:\Users\user\Desktop\EFOYFBOLXA\PALRGUCVEH.xlsx   data