General
-
Target
98bfbdfb6a850a2f3f1e968a1e23c790fee1d8a80dc61f9cdd88394d50091c1b
-
Size
190KB
-
Sample
210917-hkrw3sehe3
-
MD5
cc761ff32d8365d76e5a0ae25fdbed9e
-
SHA1
954d00cc3ad3c2c2495efe94474e66b9107b307f
-
SHA256
98bfbdfb6a850a2f3f1e968a1e23c790fee1d8a80dc61f9cdd88394d50091c1b
-
SHA512
d25e9bd1a14ead9ce51ece70c7366dc862614fdd73bf9c290cdf690d939cdce46d66694faa1f449260a41d10776802637f10c8a621d5d32a1c9409ffdd17e47f
Static task
static1
Behavioral task
behavioral1
Sample
98bfbdfb6a850a2f3f1e968a1e23c790fee1d8a80dc61f9cdd88394d50091c1b.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
98bfbdfb6a850a2f3f1e968a1e23c790fee1d8a80dc61f9cdd88394d50091c1b.exe
Resource
win10-en
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.top/
Targets
Target
98bfbdfb6a850a2f3f1e968a1e23c790fee1d8a80dc61f9cdd88394d50091c1b
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-