General
Target
4d8e709832dc3b6cc9283dc2c79eac0d9a4092b1a3b180d7cc7ec6902b7a128c.bin.sample
Size
194KB
Sample
210928-kbld2sbbd4
MD5
783d5a6f010336bf47803a5570fd0997
SHA1
e12cd3ebc23579f43ba7ec0cf07b29c79dc7dbe6
SHA256
4d8e709832dc3b6cc9283dc2c79eac0d9a4092b1a3b180d7cc7ec6902b7a128c
SHA512
5ed5ee8e23c0a95687172d8f8f39ac326f2ab5dd0c77b37fab281a2519cc07aa947db2ded9d4dea2e24e70f82cb932f350e7be9c56d9dbd96d1b5c64b5c039d0
Static task
static1
Behavioral task
behavioral1
Sample
4d8e709832dc3b6cc9283dc2c79eac0d9a4092b1a3b180d7cc7ec6902b7a128c.bin.sample.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4d8e709832dc3b6cc9283dc2c79eac0d9a4092b1a3b180d7cc7ec6902b7a128c.bin.sample.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.best
Targets
Target
4d8e709832dc3b6cc9283dc2c79eac0d9a4092b1a3b180d7cc7ec6902b7a128c.bin.sample
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)