General
-
Target
7236c8098c55ea1d144f4d6646e8cab8c7fdbde1d127d409b0d6a4ff1029628e.bin.sample
-
Size
196KB
-
Sample
210922-ntwjhscdb4
-
MD5
4bb476c98b3bf1e4fa6212728b354160
-
SHA1
0c7ce8f80ac786cbd1c1c4054d605d366896d36b
-
SHA256
7236c8098c55ea1d144f4d6646e8cab8c7fdbde1d127d409b0d6a4ff1029628e
-
SHA512
26df60690db131ae396c91fde7d5d95ebb67975cd2adf0189c2b136cef43314c32fd133dcafee9c353e9a54c609751b27e179f3e7536bddfa2aa6be0d78d59e7
Static task
static1
Behavioral task
behavioral1
Sample
7236c8098c55ea1d144f4d6646e8cab8c7fdbde1d127d409b0d6a4ff1029628e.bin.sample.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
7236c8098c55ea1d144f4d6646e8cab8c7fdbde1d127d409b0d6a4ff1029628e.bin.sample.exe
Resource
win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.xyz/
Targets
-
-
Target
7236c8098c55ea1d144f4d6646e8cab8c7fdbde1d127d409b0d6a4ff1029628e.bin.sample
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-