General
- Target: 198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3
- Size: 191KB
- Sample: 210120-htss8ecnde
- MD5: 20f0c736a966142de88dee06a2e4a5b1
- SHA1: afb2fe6b541069259b0fd9be82d62594a361afb0
- SHA256: 198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3
- SHA512: a012898e9e8cc6789cbaea7a36f54140f1b70c45b8874f2f5504ea3971494d5856f7f54aaa00dc37a3746362d85b54c665bc485f0e7d491ec99e9155950c7e43
Static task: static1
Behavioral task: behavioral1
- Sample: 198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3.exe
- Resource: win10v20201028
Malware Config
Extracted from: C:\readme.txt
- http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
- https://contirecovery.best
Targets
- Target: 198667b1eda010a431dfb051a101cc73ead1d45ba8d0f6641ec1c14bca4106f3
- Score: 10/10
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops desktop.ini file(s)