Malware

A Detailed Analysis of The Last Version of REvil Ransomware Prepared by: Vlad Pasca, Senior Malware and Threat Analyst

11-Dec-2022 02:00:04

Executive summary
REvil/Sodinokibi ransomware has been active since 2019, with interruptions caused by law enforcement actions.
The ransomware can run with one of the following parameters: "-nolan", "-nolocal", "-path",
"-silent", "-smode", "-fast", and "-full". The malware comes with an RC4-encrypted configuration,
kills a list of targeted processes, and stops a set of specified services. It also deletes all Volume
Shadow Copies using WMI and targets both logical drives and network shares.
Because of a bug introduced by the developers, the analyzed sample only renames the files that
were supposed to be encrypted; their contents are left untouched. REvil combines ECC (Curve25519)
and Salsa20 during the encryption process. The ransomware can operate in Safe Mode when the
"-smode" parameter is specified, and in that case it establishes persistence by creating an entry
under the RunOnce key.

Link : https://securityscorecard.pathfactory.com/research/detailed-analysis-revil#page=1

*Beware when clicking the link!
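The summary lists several host-observable behaviours: the command-line switches, Volume Shadow Copy deletion through WMI, and RunOnce persistence when running in Safe Mode. The Python below is an added example, not code from the SecurityScorecard report or from this post, that turns those three traits into a small triage pass over endpoint events. The JSON-lines event schema, every sample log line, the event names (process_create, wmi_activity, registry_set) and the "IWbemServices::DeleteInstance" shape of the WMI operation string are assumptions made for the example; the switch list and the RunOnce/WMI behaviours are the ones stated above.

```python
"""Behavioural triage for the REvil traits listed in the executive summary.

Added example, not code from the SecurityScorecard report. The event schema
and all log lines below are constructed for illustration; the WMI-Activity
operation string mimics the "IWbemServices::DeleteInstance" form of the
WMI trace log but is an assumption, not a captured record.
"""
import json
import re
import shlex

# Command-line switches named in the summary. "-smode", "-nolan" and "-nolocal"
# are specific enough to flag alone; the others only count when two or more
# appear together, because "-silent", "-path" or "-full" alone are common
# installer switches and would be noisy.
REVIL_SWITCHES = {"-nolan", "-nolocal", "-path", "-silent", "-smode", "-fast", "-full"}
STRONG_SWITCHES = {"-nolan", "-nolocal", "-smode"}

# Sysmon-style registry TargetObject for a RunOnce entry (HKLM or HKCU).
RUNONCE_RE = re.compile(r"\\CurrentVersion\\RunOnce\\", re.IGNORECASE)

# Shadow-copy deletion through WMI: a DeleteInstance on Win32_ShadowCopy in the
# WMI activity trace, or the same operation issued through wmic.exe.
SHADOW_WMI_RE = re.compile(r"DeleteInstance.*Win32_ShadowCopy", re.IGNORECASE)
SHADOW_CMD_RE = re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE)

# Constructed sample log (JSON lines); not a capture from a real infection.
SAMPLE_EVENTS = r"""
{"event": "process_create", "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k netsvcs -p"}
{"event": "process_create", "image": "C:\\Users\\Public\\update.exe", "cmdline": "\"C:\\Users\\Public\\update.exe\" -smode -path \"C:\\Program Files\""}
{"event": "wmi_activity", "operation": "IWbemServices::DeleteInstance - root\\cimv2 : Win32_ShadowCopy.ID=\"{7F2A6C41-3B8E-4D90-9A1F-0C5E2B6D8A33}\""}
{"event": "registry_set", "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\*Updater", "details": "C:\\Users\\Public\\update.exe -smode"}
{"event": "registry_set", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "details": "DWORD (0x00000001)"}
"""


def matched_switches(cmdline: str) -> set:
    """Return the REvil switches present as whole argv tokens (case-insensitive).

    posix=False keeps Windows backslashes and quoted paths intact, so a quoted
    "-path" argument is one token and does not leak extra matches.
    """
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
        tokens = cmdline.split()
    return {t.lower() for t in tokens} & REVIL_SWITCHES


def is_revil_cmdline(cmdline: str) -> bool:
    """A strong switch alone, or any two summary switches together, is a hit."""
    hits = matched_switches(cmdline)
    return bool(hits & STRONG_SWITCHES) or len(hits) >= 2


def load_events(text: str) -> list:
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events: list) -> list:
    """Return one finding per matching event, in input order."""
    findings = []
    for idx, ev in enumerate(events):
        kind = ev.get("event")
        if kind == "process_create":
            cmd = ev.get("cmdline", "")
            if is_revil_cmdline(cmd):
                findings.append({"rule": "revil_switches", "index": idx,
                                 "evidence": sorted(matched_switches(cmd))})
            elif SHADOW_CMD_RE.search(cmd):
                findings.append({"rule": "shadow_copy_delete", "index": idx, "evidence": cmd})
        elif kind == "wmi_activity":
            op = ev.get("operation", "")
            if SHADOW_WMI_RE.search(op):
                findings.append({"rule": "shadow_copy_delete", "index": idx, "evidence": op})
        elif kind == "registry_set":
            target = ev.get("target", "")
            if RUNONCE_RE.search(target):
                findings.append({"rule": "runonce_persistence", "index": idx, "evidence": target})
    return findings


if __name__ == "__main__":
    for finding in triage(load_events(SAMPLE_EVENTS)):
        print(json.dumps(finding))
```

The three rules are deliberately independent: a RunOnce write or a Win32_ShadowCopy DeleteInstance is worth a look on its own, while the switch rule needs either a distinctive switch or a pair of them before it fires, which keeps ordinary installers quiet. Feed it real Sysmon or WMI-Activity records by mapping their fields onto the constructed schema.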
