Defeating Sodinokibi/REvil String-Obfuscation in Ghidra – nullteilerfrei
Common Information
| Type | Value |
| --- | --- |
| UUID | c5b5b8d8-250d-4c60-a68f-98d44f72130d |
| Fingerprint | a8802253ac65322a |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 2, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Defeating Sodinokibi/REvil String-Obfuscation in Ghidra |
| Title | Defeating Sodinokibi/REvil String-Obfuscation in Ghidra – nullteilerfrei |
| Detected Hints/Tags/Attributes | 38/1/20 |
Attributes
| Type | #Events | CTI | Value |
| --- | --- | --- | --- |
| Domain | 2 | | pcodes.next |
| Domain | 2 | | pcodeop.call |
| Domain | 1 | | currentaddress.next |
| File | 2 | | codeunit.pl |
| File | 2127 | | cmd.exe |
| File | 345 | | vssadmin.exe |
| File | 1260 | | explorer.exe |
| File | 86 | | ole32.dll |
| File | 15 | | win32kfull.sys |
| File | 115 | | win32k.sys |
| File | 229 | | advapi32.dll |
| File | 83 | | crypt32.dll |
| File | 76 | | gdi32.dll |
| File | 45 | | mpr.dll |
| File | 185 | | shell32.dll |
| File | 69 | | shlwapi.dll |
| File | 291 | | user32.dll |
| File | 34 | | winhttp.dll |
| File | 39 | | winmm.dll |
| sha256 | 2 | | 5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93 |