General
Target: dd4867c49f6080ac516b290e9dd1f131598b0222d038afccce5af55c133bf92a.bin.sample
Size: 190KB
Sample: 210928-lql5kabfap
MD5: baec2ecd3c52fa1a9d0cb8c2bc8a7bea
SHA1: 1018f7e5f354b082427d131dbb1470893aa3d6b8
SHA256: dd4867c49f6080ac516b290e9dd1f131598b0222d038afccce5af55c133bf92a
SHA512: 8d8acc55969b66390d327e393954a8a66193cda5cd7cc591c9e46ea82d79107ceb160447e5ed6bd3751ab5c09466134f1768c0d0de30c67ab1a143ca790466db
Static task: static1
Behavioral task: behavioral1
Sample: dd4867c49f6080ac516b290e9dd1f131598b0222d038afccce5af55c133bf92a.bin.sample.dll
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: dd4867c49f6080ac516b290e9dd1f131598b0222d038afccce5af55c133bf92a.bin.sample.dll
Resource: win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.best
Targets
Target: dd4867c49f6080ac516b290e9dd1f131598b0222d038afccce5af55c133bf92a.bin.sample
Score: 10/10
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Drops desktop.ini file(s)