General
-
Target
5cf0a6ac9786638a063eea9ab68508f31e537072bbcea27371f9121d2668a251
-
Size
190KB
-
Sample
210926-qdyeaaehd3
-
MD5
6da5a1163c3c8264134b3366521ef78a
-
SHA1
8dc13c56d1998ab44176361fb8f9389eca75f415
-
SHA256
5cf0a6ac9786638a063eea9ab68508f31e537072bbcea27371f9121d2668a251
-
SHA512
5ead53b33ac55e2e14d64c14d6009d96dd62e468ad20270ca6b44658f557b91778b6a52a6124a9133d8d25a4d8155666f935c1c88b4650f3fd6738d0da4e7818
Static task
static1
Behavioral task
behavioral1
Sample
5cf0a6ac9786638a063eea9ab68508f31e537072bbcea27371f9121d2668a251.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
5cf0a6ac9786638a063eea9ab68508f31e537072bbcea27371f9121d2668a251.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\readme.txt
conti
http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
https://contirecovery.info
Targets
Target
5cf0a6ac9786638a063eea9ab68508f31e537072bbcea27371f9121d2668a251
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-