General
Target
a8ad29bc65e063597eec3577358b68684be6a8d7010c5bfd713ad8f35cf1306d.bin.sample
Size
197KB
Sample
210928-llmkjabdg4
MD5
786bdbe0b2b52039d3e912edd058361e
SHA1
53de202747bcf283fe25fa099641bc12d13bf7b2
SHA256
a8ad29bc65e063597eec3577358b68684be6a8d7010c5bfd713ad8f35cf1306d
SHA512
1209a29c6098739c2a2ca2ff6859f176ad7fbba17a820cf82b32428446e9e5fbf5921f743a9f4fdf471d9da73b72f0236528451859e2217275bc2d327775a309
Static task
static1
Behavioral task
behavioral1
Sample
a8ad29bc65e063597eec3577358b68684be6a8d7010c5bfd713ad8f35cf1306d.bin.sample.dll
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
a8ad29bc65e063597eec3577358b68684be6a8d7010c5bfd713ad8f35cf1306d.bin.sample.dll
Resource
win10-en-20210920
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.xyz/
Targets
Target
a8ad29bc65e063597eec3577358b68684be6a8d7010c5bfd713ad8f35cf1306d.bin.sample
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)