General
-
Target
e7ce83a1a5163487d86538344c4f37c72a795b07b03a40db7d36ec81a442d685.bin.sample
-
Size
192KB
-
Sample
210928-lrcmhsbfbj
-
MD5
20a0f74349d36d65cb45a7512596848e
-
SHA1
0c3603f4f1e386e7af030e94f24cfa71a27aa4e5
-
SHA256
e7ce83a1a5163487d86538344c4f37c72a795b07b03a40db7d36ec81a442d685
-
SHA512
cb5508a7de83fcc47974173675f592e707d908d8bbfa54886fb41e95dd23baa1f74f7f2b4a1ab97bf0ab245c26ac65db0e598ecfeb26c21c10bfb1a2478438f8
Static task
static1
Behavioral task
behavioral1
Sample
e7ce83a1a5163487d86538344c4f37c72a795b07b03a40db7d36ec81a442d685.bin.sample.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
e7ce83a1a5163487d86538344c4f37c72a795b07b03a40db7d36ec81a442d685.bin.sample.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\readme.txt
conti
polzarutu1982@protonmail.com
http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
https://contirecovery.best
Targets
-
-
Target
e7ce83a1a5163487d86538344c4f37c72a795b07b03a40db7d36ec81a442d685.bin.sample
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-