General
Target: 2412b5ee3bf9de72b0e98999857d0152dbc6d0e8204d907f874ce71bcef70196.bin.sample
Size: 196KB
Sample: 210928-jq32zabag8
MD5: 21cebf7aefdae41e3c0c89a3a6f904c4
SHA1: 866419baad25a08b12cefbe6d19681bae7b692a3
SHA256: 2412b5ee3bf9de72b0e98999857d0152dbc6d0e8204d907f874ce71bcef70196
SHA512: b4eec6daf509a3dd5518f09eeceff016ee10c48b84fa9ea35dd13f35de71ee7356029b872b79a4cfd74b42b437d0c044fceda4c7c07ecaf1f59bea31a7477446
Static task: static1
Behavioral task: behavioral1
Sample: 2412b5ee3bf9de72b0e98999857d0152dbc6d0e8204d907f874ce71bcef70196.bin.sample.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 2412b5ee3bf9de72b0e98999857d0152dbc6d0e8204d907f874ce71bcef70196.bin.sample.exe
Resource: win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.xyz/
Targets
Target: 2412b5ee3bf9de72b0e98999857d0152dbc6d0e8204d907f874ce71bcef70196.bin.sample
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)