General
Target
42ebe9b09e9e2ee2d1c345632a571cbaf09fcad3be9662af661c2bce110cc09b.bin.sample
Size
196KB
Sample
210928-kar57sbcaq
MD5
75a4117876741cc839d083cbeffd9e88
SHA1
044f4d9fbe5f7fcaa350e6ae900f240bafd07c31
SHA256
42ebe9b09e9e2ee2d1c345632a571cbaf09fcad3be9662af661c2bce110cc09b
SHA512
77b1521650276dc61b47eaffd28ab7b03f61ee6842a7e296ceca8005966e2553d75942f3529aa6161850971629ac5fb4f2140328b6d550d5dd7f70a7a38b79be
Static task
static1
Behavioral task
behavioral1
Sample
42ebe9b09e9e2ee2d1c345632a571cbaf09fcad3be9662af661c2bce110cc09b.bin.sample.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
42ebe9b09e9e2ee2d1c345632a571cbaf09fcad3be9662af661c2bce110cc09b.bin.sample.exe
Resource
win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.xyz/
Targets
Target
42ebe9b09e9e2ee2d1c345632a571cbaf09fcad3be9662af661c2bce110cc09b.bin.sample
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)