General
Target: 0407468ec50f7f553be379d9c7042560f443c8f40919309a771a210dc34823cf
Size: 215KB
Sample: 210917-gdywdahgan
MD5: ae5cab1c2ef1b24bb3a998737229427b
SHA1: 271a5a395e974dcc9c0b6e25d66631ff42dd777f
SHA256: 0407468ec50f7f553be379d9c7042560f443c8f40919309a771a210dc34823cf
SHA512: 231b157899aa5f59085131c66fd99558490e88a55efe5bb0f7ddbf7a162d3abcffbdf13d4a023d7e55fa5b883dccc96640865ddc73a4baf5669bf5f4fedb1813
Static task: static1
Behavioral task: behavioral1
Sample: 0407468ec50f7f553be379d9c7042560f443c8f40919309a771a210dc34823cf.dll
Resource: win7-en-20210916
Behavioral task: behavioral2
Sample: 0407468ec50f7f553be379d9c7042560f443c8f40919309a771a210dc34823cf.dll
Resource: win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.xyz/
Targets
Target: 0407468ec50f7f553be379d9c7042560f443c8f40919309a771a210dc34823cf
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)