General
-
Target
605fb27a1912440c0f65fc554d30377fa4f789c07046ff920c4d8b6ce7992919
-
Size
215KB
-
Sample
210915-mnq66sdehq
-
MD5
8ee0ba4bfa8af6c9db317e084eef0d91
-
SHA1
9250a23d1011b9076816785da78b1ee46864e21e
-
SHA256
605fb27a1912440c0f65fc554d30377fa4f789c07046ff920c4d8b6ce7992919
-
SHA512
5959a2fb8803fb3e3f079f917bbfdf65a73b2d76c2f520542f207ab7cd0da4c10a28ed1ed09f792fdf7c804e53383a072f66ca2bd4af86c5326ee0caa23e8c0d
Static task
static1
Behavioral task
behavioral1
Sample
605fb27a1912440c0f65fc554d30377fa4f789c07046ff920c4d8b6ce7992919.dll
Resource
win7-en
Behavioral task
behavioral2
Sample
605fb27a1912440c0f65fc554d30377fa4f789c07046ff920c4d8b6ce7992919.dll
Resource
win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Target
605fb27a1912440c0f65fc554d30377fa4f789c07046ff920c4d8b6ce7992919
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-