General
Target: seu.exe
Size: 6.4MB
Sample: 210506-hyr8xpbnks
MD5: bd3c693ecd17dcd9e60b08ab963121de
SHA1: 3480a1dbc4bcc1bb06a7fbdc82e892ec5ba3d6ab
SHA256: 8bd2067d088dad4df24e11244f5b72ce1fd22b686e2ce9ba6ee8711f8f6a836d
SHA512: 88a6cdd1435c85b288cc37bd6f15b82fe8619e00f439a0bf5f3411fd171a4c84a0e1e7c34261f7510dc2f92af3c14323b97e2efc47fc78e61b6db4d3865eed46
Static task: static1
Behavioral task: behavioral1 (Sample: seu.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: seu.exe, Resource: win10v20210410)
Malware Config
Extracted from: C:\8342kw-readme.txt
Family: sodinokibi
URLs:
- http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C4EE920676CFAC51
- http://decoder.re/C4EE920676CFAC51
Targets
Score: 10/10
Sodin, Sodinokibi, REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry